Re: Updating GPG howto (http://keyring.debian.org/creating-key.html)
On Wed, 2011-04-06 at 01:09 +0000, brian m. carlson wrote:
> On Tue, Apr 05, 2011 at 05:15:15PM +0200, Vincent Caron wrote:
> > 2/ It is suggested to update gnupg.conf with:
> >
> > personal-digest-preferences SHA256
> > cert-digest-algo SHA256
> > default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
> >
> > Is it still needed with GnuPG 1.4.11?
>
> This isn't strictly needed with any version of GnuPG. However, these
> settings choose algorithms which are known to be stronger (avoiding MD5
> and the mandatory but somewhat weakened SHA1). Setting
> default-preference-list specifies which algorithms you prefer in your
> key's self-signature (which you can always change later).
> Implementations are forbidden from using algorithms (other than the
> default must-implement ones) that you do not specify in your
> self-signature. Using cert-digest-algo chooses the algorithm you will
> use in signing keys. And finally, personal-digest-preferences is the
> algorithm you will use when signing data.
That's a nice explanation that would fit on
http://keyring.debian.org/creating-key.html
Thanks for your help.
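
Added example (not part of the original thread): a small Python check that reads gpg.conf text and reports whether the three options discussed above are set and whether each one prefers a digest other than MD5 or SHA1. The function names and the weak sample are constructed for illustration, and only digest names written out in full are recognised.

```python
# Added example: audits gpg.conf text for the three settings discussed in the thread.
DIGESTS = {"MD5", "SHA1", "RIPEMD160", "SHA224", "SHA256", "SHA384", "SHA512"}
WEAK = {"MD5", "SHA1"}  # the digests the quoted reply says these settings avoid
CHECKED = ("personal-digest-preferences", "cert-digest-algo", "default-preference-list")

# The settings quoted in the thread.
THREAD_CONF = """\
personal-digest-preferences SHA256
cert-digest-algo SHA256
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
"""

# Constructed sample of a weaker configuration (not from the thread).
WEAK_CONF = """\
# constructed sample
cert-digest-algo SHA1
personal-digest-preferences SHA1 SHA256
"""

def parse_gpg_conf(text):
    """Map option name -> upper-cased arguments; skips blank lines and '#' comment lines."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, *args = line.split()
        # Assumption: a repeated option keeps its last value.
        options[name.lower()] = [a.upper() for a in args]
    return options

def audit(text):
    """Return findings; an empty list means all three options are set and lead with a strong digest."""
    options = parse_gpg_conf(text)
    findings = []
    for name in CHECKED:
        if name not in options:
            findings.append(f"{name}: not set")
            continue
        # Preference lists mix ciphers, digests and compression; the first digest is the preferred one.
        first = next((a for a in options[name] if a in DIGESTS), None)
        if first is None:
            findings.append(f"{name}: no recognised digest name")
        elif first in WEAK:
            findings.append(f"{name}: prefers {first}")
    return findings

if __name__ == "__main__":
    for label, conf in (("thread", THREAD_CONF), ("weak sample", WEAK_CONF)):
        print(label, audit(conf) or "ok")
```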