Başar Alabay wrote the following on 1/26/11 9:10 AM:
> Hello,
>
> is it possible to change my RIPEMD160 to SHA512? As in following header it is
> SHA256? ¬
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA256
>
> I had read somewhere that this hash thing is the weak point.
>
> These are my gpg prefs:
> H10 H9 H8 H3 H2
> S10 S9 S8 S7
> Z3 Z2 Z1
>
> My key is 1024 DSA, and I'm thinking if I should make a new key, maybe with
> 4096. Or would 2048 be enough? Funny is, my old, revoked first key was 2048.
> But I'm not sure if everything will work fine. I haven't found out yet how to
> import a revocation certificate into the GPG key manager, e. g.
>
> This whole hash, cipher. etc. stuff should be in a central place, I think. It
> is really very intransparent, what should be configured how.
>
> Greets,
> B. Alabay
This is how the key you used for signing your e-mail looks like in Terminal:
===========
$ gpg --edit-key 7991C875
gpg (GnuPG) 1.4.11; Copyright (C) 2010 Free Software Foundation, Inc.
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
This key may be revoked by DSA key 835DE1F5 [?]
pub 1024D/7991C875 created: 2005-01-04 expires: never usage: SC
trust: validity:
sub 2048g/7E97A4F7 created: 2005-01-04 expires: never usage: E
(1). Basar Alabay <[email protected]>
(2) Basar Alabay <[email protected]>
(3) Basar Alabay <[email protected]>
(4) Basar Alabay <[email protected]>
(5) Basar Alabay <[email protected]>
gpg> showpref
(1). Basar Alabay <[email protected]>
Cipher: AES256, AES192, AES, CAST5, 3DES, TWOFISH
Digest: SHA1
Compression: ZIP, Uncompressed
(2) Basar Alabay <[email protected]>
Cipher: AES256, AES192, AES, CAST5, 3DES, TWOFISH
Digest: SHA1
Compression: ZIP, Uncompressed
(3) Basar Alabay <[email protected]>
Cipher: AES256, AES192, AES, CAST5, 3DES, TWOFISH
Digest: SHA1
Compression: ZIP, Uncompressed
(4) Basar Alabay <[email protected]>
Cipher: AES256, AES192, AES, CAST5, 3DES, [1]
Digest: SHA1, RIPEMD160
Compression: ZLIB, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
(5) Basar Alabay <[email protected]>
===========
According to the above information, your signing key is your primary key:
1024D/7991C875 created: 2005-01-04 expires: never usage: SC
If I am not wrong, with a 1024 bit DSA key, you cannot use SHA 256, SHA512.
If you want to keep this key (and not generate a new one, {which is not
necessary), you can add a sign only subkey, RSA 2048 bits, that will
give you the possibility of using SHA512.
As an example, this is how my own key A57A8EFA looks like in Terminal:
===========
pub 1024D/A57A8EFA created: 2002-02-11 expires: never usage: SCA
trust: ultimate validity: ultimate
sub 2048g/CE3A0945 created: 2002-02-11 expires: never usage: E
sub 2048R/855B83EF created: 2005-11-20 expires: never usage: S
===========
As you can see, the primary key was generated on February 11, 2002.
The sign only subkey RSA2048 was added on November 20, 2005:
sub 2048R/855B83EF created: 2005-11-20 expires: never usage: S
I am currently using SHA256, enabled in ~/.gnupg/gpg.conf with the
following option:
personal-digest-preferences SHA256
If you are interested in adding such a subkey, and configuring your
gpg.conf to use SHA512, please let me know, I'll try to walk you through
the process in Terminal.
Charly
_______________________________________________
gpgtools-users mailing list
[email protected]
Changes: http://lists.gpgtools.org/mailman/listinfo/gpgtools-users
Unsubscribe:
http://lists.gpgtools.org/mailman/options/gpgtools-users/[email protected]?unsub=Unsubscribe&unsubconfirm=1
This email sent to: [email protected]
