[Pkg-gnupg-maint] Bug#725679: gnupg: does not seem to honor preferred hash algos list of the key being signed
Santiago Vila
sanvila at unex.es
Tue Oct 8 23:09:59 UTC 2013
On 08/10/13 22:19, Werner Koch wrote:
> On Tue, 8 Oct 2013 02:05, sanvila at unex.es said:
>
>> to get reasonable defaults. Is SHA-1 a reasonable default for key
>> signing?
>
> It is the default because SHA1 is a MUST algorithm for OpenPGP and
> fingerprints are anyway computed using SHA1. SHA256 is not supported
> by all OpenPGP implementations.
>
> BTW, what is your threat model?
Sorry but I'm not a cryptographer. Do you mean that as far as there is
not a known exploit, there is nothing to worry about?

There is a preference list for digests that I can set in my key and
publish on the keyservers, but apparently there is not a preference list
for the digest algorithm used in key signing (I naively thought the one
for digests was also valid for keysigning, I was wrong).

So, if I would like people to use stronger algorithms when signing my
key, what are my options? Tell everybody to modify their gpg.conf?

Or maybe the algorithm for signing is irrelevant and does not matter at all?