Topic: Why can I only sign a GPG message with SHA1 hash

full member
Activity: 305
Merit: 106
February 01, 2020, 08:26:10 PM
#4
Sorry, got confused a bit and did not understand the question with all those pgp, gpg...
Try to limit the algorithms used by editing the gpg.conf file and leave only what you want: SHA256, SHA384, SHA512.
Or try "cert-digest-algo SHA256" or "--s2k-digest-algo SHA256" in the command line when generating the key.
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
PGP stands for Pretty Good Security. It uses pub/priv keys and encrypts using SHA1. That's what it does. That's the protocol.
Here is a useful link, hope it helps: https://www.movable-type.co.uk/scripts/sha256.html


This is an interesting link but it has nothing to do with PGP. Counterintuitively, this is not in the manual or the usage text for gpg, but the option to force the digest algorithm to be used is called --personal-digest-preferences. So in my case I would need to use gpg -s -u 47FAE4A0 --clearsign --personal-digest-preferences sha256 in order to sign with SHA256. It's reasonably safe to assume that all GPG clients I care about support reading SHA256 signatures.

And it appears that SHA256 message digests for signing was made the default in version 2.1 https://gnupg.org/download/release_notes.html#sec-1-23
full member
Activity: 305
Merit: 106
PGP stands for Pretty Good Security. It uses pub/priv keys and encrypts using SHA1. That's what it does. That's the protocol.
Here is a useful link, hope it helps: https://www.movable-type.co.uk/scripts/sha256.html
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
I can't find any option in gpg to select the SHA256 digest. SHA1 can be broken[1][2] and SHA256 is much more secure, so why is gpg selecting it by default for signatures?

Even the manpage suggests that there are hidden options ending with '-algo' that change the message digest algorithm but they don't seem to have any effect.

Quote
$ gpg -s -u 47FAE4A0 --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yodelayheehoo!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
…
=kRno
-----END PGP SIGNATURE-----

[1] https://shattered.io/ (warning: its certificate expired 2 days ago, I think they just need to renew it though)
[2] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html (this cert is OK)
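The checks this thread circles around, as an added example that is not part of any post in it: a pure-shell read of the `Hash:` armor header, a decoder for the `digest algo N` field that `gpg --list-packets` prints, and a guarded live run that forces SHA256 with `--digest-algo` and sets a persistent default with `personal-digest-preferences` in gpg.conf. It assumes POSIX sh with awk and sed, and gpg 2.1 or later for the live part; the key user id, the temporary GNUPGHOME and the sample message are constructed for this example. Of the options mentioned in the posts above, `--digest-algo` sets the hash for data signatures, `--personal-digest-preferences` sets the order gpg picks from when no override is given, `--cert-digest-algo` applies only to key certifications (signing other keys) and `--s2k-digest-algo` only to passphrase-to-key derivation for protecting the secret key. One caveat: with a DSA key the usable hashes are constrained by the key's q size, so an old 1024-bit DSA key is a common reason a signature stays on SHA1 (see the `--enable-dsa2` entry in the gpg manual).

```shell
#!/bin/sh
# Added example, not code from the thread: check which digest a gpg data
# signature actually used, and force SHA256 for new ones.
# Assumes POSIX sh with awk and sed. The live part assumes gpg >= 2.1
# (--quick-generate-key) and a throwaway key; the user id, GNUPGHOME and
# the sample message are constructed for this example.

# Report the "Hash:" armor header of a clearsigned message read from stdin.
# Prints the algorithm name, or NONE if the header is absent. The header is
# only an advisory hint to verifiers (RFC 4880 section 7); the authoritative
# value is the hash algorithm byte inside the signature packet.
clearsign_hash_header() {
    awk '
        /^-----BEGIN PGP SIGNED MESSAGE-----$/ { inhdr = 1; next }
        inhdr && /^Hash: /                  { print substr($0, 7); found = 1; exit }
        inhdr && /^$/                       { exit }
        END { if (!found) print "NONE" }
    '
}

# Map the RFC 4880 hash algorithm id that `gpg --list-packets` prints as
# "digest algo N" to a name.
digest_algo_name() {
    case "$1" in
        1)  echo MD5 ;;
        2)  echo SHA1 ;;
        3)  echo RIPEMD160 ;;
        8)  echo SHA256 ;;
        9)  echo SHA384 ;;
        10) echo SHA512 ;;
        11) echo SHA224 ;;
        *)  echo "UNKNOWN($1)" ;;
    esac
}

# Pull the first "digest algo N" id out of `gpg --list-packets` output on stdin.
packet_digest_algo() {
    sed -n 's/.*digest algo \([0-9]*\).*/\1/p' | head -n 1
}

# Constructed clearsigned message (signature body omitted); used only to
# exercise the header check above.
sample_clearsigned() {
    cat <<'EOF'
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Yodelayheehoo!
-----BEGIN PGP SIGNATURE-----

(signature body omitted in this constructed sample)
-----END PGP SIGNATURE-----
EOF
}

# Live demonstration against a real gpg in an isolated GNUPGHOME.
demo_live() {
    command -v gpg >/dev/null 2>&1 || { echo "gpg not found, skipping" >&2; return 0; }
    GNUPGHOME=$(mktemp -d); export GNUPGHOME
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Digest Test <digest@example.invalid>' rsa2048 sign never
    msg='Yodelayheehoo!'

    # 1. Per-invocation override: --digest-algo wins over any preference list.
    printf '%s\n' "$msg" | gpg --batch --quiet --clearsign --digest-algo SHA256 \
        | clearsign_hash_header

    # 2. Persistent default: list preferences strongest-first in gpg.conf; the
    #    header of the next signature reflects the first usable entry.
    #    (cert-digest-algo only affects key certifications and s2k-digest-algo
    #    only passphrase-to-key derivation, so neither changes this header.)
    printf 'personal-digest-preferences SHA512 SHA384 SHA256\n' >> "$GNUPGHOME/gpg.conf"
    printf '%s\n' "$msg" | gpg --batch --quiet --clearsign | clearsign_hash_header

    # 3. Read the hash algorithm from the signature packet itself.
    printf '%s\n' "$msg" | gpg --batch --quiet --detach-sign \
        | gpg --list-packets | packet_digest_algo \
        | while read -r id; do digest_algo_name "$id"; done

    rm -rf "$GNUPGHOME"
}

# Offline check on the constructed sample; pass "live" to run against gpg.
printf 'sample header: %s\n' "$(sample_clearsigned | clearsign_hash_header)"
if [ "${1:-}" = live ]; then demo_live; fi
```

Run it as `sh example.sh` for the offline check and `sh example.sh live` to exercise gpg. The `Hash:` line is only what the signer's software wrote into the armor, so when auditing signatures from others the `--list-packets` step is the one to trust.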