[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Updating GPG howto (http://keyring.debian.org/creating-key.html)

On Wed, 2011-04-06 at 01:09 +0000, brian m. carlson wrote:
> On Tue, Apr 05, 2011 at 05:15:15PM +0200, Vincent Caron wrote:
> >   2/ It is suggested to update gnupg.conf with:
> > 
> >   personal-digest-preferences SHA256
> >   cert-digest-algo SHA256
> >   default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
> > 
> >   Is it still needed with GnuPG 1.4.11 ?
> 
> This isn't strictly needed with any version of GnuPG.  However, these
> settings choose algorithms which are known to be stronger (avoiding MD5
> and the mandatory but somewhat weakened SHA1).  Setting
> default-preference-list specifies which algorithms you prefer in your
> key's self-signature (which you can always change later).
> Implementations are forbidden from using algorithms (other than the
> default must-implement ones) that you do not specify in your
> self-signature.  Using cert-digest-algo chooses the algorithm you will
> use in signing keys.  And finally, personal-digest-preferences is the
> algorithm you will use when signing data.

   That's a nice explanation that would fit on
http://keyring.debian.org/creating-key.html

  Thanks for your help.
Reply to: