why is SHA1 used? How do I get SHA256 to be used?

David Shaw dshaw at jabberwocky.com
Tue Jul 10 17:18:29 CEST 2012


On Jul 10, 2012, at 10:39 AM, Laurent Jumet wrote:
> Hauke Laging <mailinglisten at hauke-laging.de> wrote:
> 
>> As Rob already mentioned: You need --personal-digest-preferences (which is
>> just personal-digest-preferences in the config file). You put your favourite
>> first, e.g.:
> 
>> personal-digest-preferences SHA256,RIPEMD160,SHA1
> 
>    Do you succeed in having a SHA256 hash with this statement?
>    How can I explain that I have RIPEMD160 instead?

Your key is a 1024-bit DSA key.  That key can only use a 160-bit hash, so you can use either RIPEMD160 or SHA-1.  The rules for hash choice in DSA were relaxed a bit later, to allow for a 160-bit hash *or* a larger hash truncated to fit.  To enable that, you can use "--enable-dsa2", and you should be able to get SHA256 - but note it's SHA256 truncated down to 160 bits.  You can't use more than 160 bits without a larger DSA key.

David
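
An added example, not part of the original message and not GnuPG's own code: a simplified Python model of the rule described above, showing why the preference list `SHA256,RIPEMD160,SHA1` yields RIPEMD160 on a 1024-bit DSA key (160-bit q) and what truncating SHA256 to fit means. The helper names `select_digest` and `dsa_hash_value`, the size table and the sample message are assumptions made for illustration.

```python
import hashlib

# Digest output sizes in bits (standard values for these algorithms).
DIGEST_BITS = {"SHA1": 160, "RIPEMD160": 160, "SHA256": 256, "SHA512": 512}


def select_digest(prefs, q_bits, dsa2):
    """Pick the first preferred digest usable with a DSA key whose q is q_bits long.

    Hypothetical helper modelling the rule in the message above:
    without DSA2 the hash must be exactly q_bits wide; with DSA2 a wider
    hash is also accepted because it is truncated to fit.
    """
    for name in prefs:
        bits = DIGEST_BITS[name]
        if bits == q_bits or (dsa2 and bits > q_bits):
            return name
    raise ValueError("no preferred digest fits a %d-bit q" % q_bits)


def dsa_hash_value(digest, q_bits):
    """Return the integer DSA signs: the leftmost min(q_bits, len) bits of digest."""
    out_bits = len(digest) * 8
    return int.from_bytes(digest, "big") >> max(0, out_bits - q_bits)


if __name__ == "__main__":
    prefs = ["SHA256", "RIPEMD160", "SHA1"]  # the preference list from the thread
    q_bits = 160                             # q size of a 1024-bit DSA key
    print("without DSA2:", select_digest(prefs, q_bits, dsa2=False))
    print("with DSA2:   ", select_digest(prefs, q_bits, dsa2=True))

    msg = b"constructed sample message"      # constructed input
    full = hashlib.sha256(msg).digest()
    z = dsa_hash_value(full, q_bits)
    print("SHA256 bits:", len(full) * 8, "-> bits signed: at most", q_bits)
    print("truncated value:", hex(z))
```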



