cert-digest-algo clarification

David Shaw dshaw at jabberwocky.com
Wed Jul 11 19:28:12 CEST 2012


On Jul 11, 2012, at 1:06 PM, Sam Smith wrote:

> To make sure I understand correctly:
> 
> 1) cert-digest-algo SHA256 = will use SHA256 to sign KEYS with regardless of what preferences the key holder has stipulated
> 
> 2) digest-algo SHA256 = will use SHA256 to sign MESSAGES with regardless of what preferences the recipient of the message has stipulated
> 
> Do I understand these commands correctly?

Not exactly.  For signing keys (#1), there are no preferences, so there is nothing to override.  It's just whatever you set cert-digest-algo to.  Note, though, that this includes signing your own key, so if you make a subkey or add a user ID, the binding signature will also use that digest.  For #2, you do understand correctly.

David




More information about the Gnupg-users mailing list