multiple subkeys and key transition
Ben McGinnes
ben at adversary.org
Thu Dec 9 20:33:43 CET 2010
On 10/12/10 6:18 AM, Robert J. Hansen wrote:
> On 12/9/10 2:12 PM, Daniel Kahn Gillmor wrote:
>> But FIPS-186, as defined, only operates over 160-bit digests. So longer
>> digest algorithms won't work with DSA1 keys.
>
> Not true. Per the OpenPGP spec, it will simply truncate a longer digest
> down to 160 bits.
Well, I changed the prefs on my key to this:
[ultimate] (1). Ben McGinnes <ben at adversary.org>
Cipher: AES256, TWOFISH, CAMELLIA256, AES192, CAMELLIA192, AES,
CAMELLIA128, 3DES, CAST5, BLOWFISH, IDEA
Digest: SHA512, SHA384, SHA256, SHA224, RIPEMD160, SHA1, MD5
Compression: BZIP2, ZLIB, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Yet it still ignores everything which precedes RIPEMD160, presumably
because it's a DSA1 key and can't handle the SHA-2 digests.
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20101210/65b53636/attachment.pgp>
More information about the Gnupg-users
mailing list