GnuPG hashing limits - PGP


Thread: GnuPG hashing limits

  1. GnuPG hashing limits

    I noticed when clear signing messages with GnuPG you cannot sign with the
    larger hash algorithms like SHA256 or SHA384 or SHA512; there is only SHA1
    or RIPEMD160 accepted.

    I have two EL GAMAL key pairs of 2046 in size. Should I have created RSA
    keys instead if I wanted to use the larger hash algorithms for signatures?
    Is it important to use these larger hashes?

    Health has no price

    --
    feel/free/to/comment/directly::esculentumATgmxDOTcoDOTuk

  2. Re: GnuPG hashing limits

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256

    leftofcentre wrote in
    newsp.s9e7bqfl6iydgi@localhost.localdomain:

    > I noticed when clear signing messages with GnuPG you cannot sign with the
    > larger hash algorithms like SHA256 or SHA384 or SHA512; there is only
    > SHA1 or RIPEMD160 accepted.
    >
    > I have two EL GAMAL key pairs of 2046 in size. Should I have created RSA
    > keys instead if I wanted to use the larger hash algorithms for signatures?
    > Is it important to use these larger hashes?


    I believe that both PGP and GPG still plan to stick with the DSS standard
    of SHA until the standard is upgraded to permit larger SHA sizes. However,
    since the DSS standard does not include use of RSA, RSA signatures in both
    PGP and GPG are allowing the larger SHA hash sizes.

    Although the larger hash sizes are more secure, this still isn't a major
    issue for simple personal use. My thoughts on this are at:
    http://www.mccune.cc/PGPpage2.htm#Is_SHA1_Broken

    -----BEGIN PGP SIGNATURE-----
    Version: PGP Desktop 9.0.6 (Build 6060)
    Comment: My PGP FAQ: http://www.mccune.cc/PGP.htm

    -----END PGP SIGNATURE-----

  3. Re: GnuPG hashing limits

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA256



    leftofcentre wrote

    > I noticed when clear signing messages with GnuPG you cannot sign with the
    > larger hash algorithms like SHA256 or SHA384 or SHA512; there is only SHA1
    > or RIPEMD160 accepted.
    >
    > I have two EL GAMAL key pairs of 2046 in size. Should I have created RSA
    > keys instead if I wanted to use the larger hash algorithms for signatures?
    > Is it important to use these larger hashes?


    You can add an RSA signing key of at least 2048 size to your existing
    keys and cross-sign them. You can then use the larger hashes, like this
    one, signed with my old DSA key.

    Regards,

    Bob


    - --
    Remove "x" from address to reply by email.
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.3 (MingW32)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    -----END PGP SIGNATURE-----
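
An added example, not code from any poster in this thread: a small auditor for cleartext-signed messages like the ones above, which reads the public-key and hash algorithm ids recorded in the signature packet and compares them with the `Hash:` armor header. The function names, the `WEAK` policy set and the truncated sample packets are assumptions constructed for illustration.

```python
import base64

# RFC 4880 algorithm ids (subset).
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256", 9: "SHA384", 10: "SHA512"}
PUBKEYS = {1: "RSA", 3: "RSA", 17: "DSA"}
WEAK = {"MD5", "SHA1", "RIPEMD160"}  # assumed local policy, not from the thread

def audit_clearsigned(text):
    """Compare the Hash: armor header with the ids inside the signature packet."""
    lines = text.replace("\r\n", "\n").split("\n")
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    sig = lines.index("-----BEGIN PGP SIGNATURE-----", start)
    end = lines.index("-----END PGP SIGNATURE-----", sig)
    blank = lines.index("", start, sig)  # empty line ends the Hash: headers
    declared = [h.strip().upper() for l in lines[start + 1:blank]
                if l.startswith("Hash:") for h in l[5:].split(",")]
    declared = declared or ["MD5"]  # RFC 4880: no Hash header means MD5
    # Undo dash-escaping ("- " prefix) to recover the lines that were signed.
    body = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:sig]]
    # Armor data starts after the armor headers' blank line; drop the "=CRC24" line.
    first = lines.index("", sig, end) + 1
    raw = base64.b64decode("".join(l for l in lines[first:end] if not l.startswith("=")))
    if raw[0] & 0x40:  # new-format header: 1, 2 or 5 length octets
        tag, hdr = raw[0] & 0x3F, 2 if raw[1] < 192 else 3 if raw[1] < 224 else 6
    else:              # old-format header: length type in the low two bits
        tag, hdr = (raw[0] & 0x3C) >> 2, {0: 2, 1: 3, 2: 5}[raw[0] & 3]
    pkt = raw[hdr:]
    if tag != 2 or pkt[0] not in (3, 4):
        raise ValueError("expected a v3 or v4 signature packet")
    pub_id, hash_id = (pkt[2], pkt[3]) if pkt[0] == 4 else (pkt[15], pkt[16])
    actual = HASHES.get(hash_id, "id%d" % hash_id)
    return {"declared": declared, "actual": actual,
            "pubkey": PUBKEYS.get(pub_id, "id%d" % pub_id),
            "mismatch": actual not in declared, "weak": actual in WEAK,
            "text": "\n".join(body)}

def build_sample(packet, hash_header):
    """Constructed input: a truncated signature packet (no MPIs) in clearsign armor."""
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: %s\n\n- -- dash-escaped line\nhello\n"
            "-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n%s\n=AAAA\n"
            "-----END PGP SIGNATURE-----\n" % (hash_header, base64.b64encode(packet).decode()))

V3_DSA_SHA1 = bytes([0x88, 19, 3, 5, 1]) + bytes(12) + bytes([17, 2, 0, 0])  # constructed
V4_RSA_SHA256 = bytes([0x88, 4, 4, 1, 1, 8])                                 # constructed

if __name__ == "__main__":
    print(audit_clearsigned(build_sample(V3_DSA_SHA1, "SHA1")))
    print(audit_clearsigned(build_sample(V4_RSA_SHA256, "SHA1")))
```

The auditor only reports which algorithms a message claims and carries; it does not check the armor CRC or verify the signature, which still requires `gpg --verify` with the signer's public key.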
