[Pkg-gnupg-maint] Bug#725679: gnupg: does not seem to honor preferred hash algos list of the key being signed

David Shaw dshaw at jabberwocky.com
Mon Oct 7 21:50:06 UTC 2013


On Oct 7, 2013, at 6:52 AM, Santiago Vila <sanvila at unex.es> wrote:

> Package: gnupg
> Version: 1.4.12-7+deb7u1
> 
> My current GPG key was created in 2009 and very shortly afterwards I
> changed the digest preferences as explained here:
> 
> http://www.debian-administration.org/users/dkg/weblog/48
> 
> and reuploaded the key to the keyservers with the new preferences, namely:
> 
>  Digest: SHA512, SHA384, SHA256, SHA224, SHA1
> 
> Now, if I create a test user in my system, generate a test GPG key
> and try to download my key from the keyservers and sign it, I see that
> it's still signed using SHA-1:

If I understand properly what you're doing, this is not a bug.  The person issuing a signature is ultimately in charge of selecting the digest when they make the signature.  While you can set a digest preference on a key, it is merely a request for people making a signature for your benefit to use a digest that you like.  In GnuPG, the digest preference is consulted only for data signatures, not key signatures.

David
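
The distinction drawn in the reply above, as an added example that is not part of the original message or of GnuPG's code: an OpenPGP v4 signature packet (RFC 4880, section 5.2.3) records the digest its issuer used in a fixed field, while the key owner's preference list is a subpacket (type 21) on the owner's self-signature. The function names and the packet bytes are constructed for illustration.

```python
# Added example: field layout per RFC 4880 sec. 5.2.3; sample packets are constructed.
import struct

HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
PREF_HASH_SUBPACKET = 21          # "preferred hash algorithms" subpacket
CERT_TYPES = range(0x10, 0x14)    # signature types that certify a User ID

def subpackets(area):
    """Yield (type, data) for each subpacket in a hashed or unhashed area."""
    i = 0
    while i < len(area):
        first = area[i]
        if first < 192:                       # one-octet length
            length, i = first, i + 1
        elif first < 255:                     # two-octet length
            length, i = ((first - 192) << 8) + area[i + 1] + 192, i + 2
        else:                                 # five-octet length
            length, i = struct.unpack(">I", area[i + 1:i + 5])[0], i + 5
        if length == 0 or i + length > len(area):
            raise ValueError("malformed subpacket length")
        yield area[i] & 0x7F, area[i + 1:i + length]   # mask the critical bit
        i += length

def parse_v4_signature(body):
    """Return the digest-related fields of a v4 signature packet body."""
    if len(body) < 6 or body[0] != 4:
        raise ValueError("not a v4 signature packet body")
    sig_type, hash_algo = body[1], body[3]    # body[2] is the public-key algorithm
    (hashed_len,) = struct.unpack(">H", body[4:6])
    hashed = body[6:6 + hashed_len]
    if len(hashed) != hashed_len:
        raise ValueError("truncated hashed subpacket area")
    prefs = None
    for sp_type, data in subpackets(hashed):
        if sp_type == PREF_HASH_SUBPACKET:
            prefs = [HASH_NAMES.get(b, str(b)) for b in data]
    return {"is_certification": sig_type in CERT_TYPES,
            "digest_used": HASH_NAMES.get(hash_algo, str(hash_algo)),
            "preferred_digests": prefs}

# Constructed bodies (signature MPIs omitted; they are not parsed here).
# Self-signature carrying the preference list quoted in the report.
SELF_SIG = bytes([4, 0x13, 1, 10, 0, 7, 6, 21, 10, 9, 8, 11, 2, 0, 0, 0xAA, 0xBB])
# Third-party certification of the same User ID, issued with SHA1.
THIRD_PARTY = bytes([4, 0x10, 1, 2, 0, 0, 0, 0, 0xCC, 0xDD])
```

Comparing `digest_used` across the certifications on a key shows which digest each issuer chose; `preferred_digests` appears only where the key owner's self-signature advertises it.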


