why is SHA1 used? How do I get SHA256 to be used?
Robert J. Hansen
rjh at sixdemonbag.org
Tue Jul 10 01:12:28 CEST 2012
On 07/09/2012 06:18 PM, Laurent Jumet wrote:
> I think that by default, --gnupg is in use; --gnupg means --openpgp
> This means strict OpenPGP behaviour: MD5, SHA1, RIPEMD160
Nope.
> Try using "--digest-algo SHA256" in the command line or GPG.CONF;
> may be you'll need to suppress "--personal-digest-preferences" from
> GPG.CONF (I don't know).
I feel like I've said this several times in the past few months. Let me
say it one more time, loudly:
DON'T USE --cipher-algo OR --digest-algo UNLESS YOU KNOW EXACTLY WHAT
YOU'RE DOING AND WHY. IT'S EASY TO CREATE MESSAGES YOUR RECIPIENT
CANNOT READ. USE THE --personal-X-preferences INSTEAD.
I feel like I ought apologize for shouting, but really, this has been
said so many times in the last couple of months that I'm getting really
frustrated with correcting the "oh, just use --X-algo!" misadvice that
gets handed out so often.
More information about the Gnupg-users
mailing list