Title: GPG signatures using SHA-512 as default instead of SHA-1
Post by: Dabs on October 24, 2013, 03:54:46 AM
Hi, this is not exactly bitcoin related, but I use this to sign messages (and encrypt some of them.)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Is there any possible problem with using SHA-512 to sign my messages? Can anyone who has GPG / PGP verify this signature and let me know if it's good.
My public key is here http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x36E4157832AD7565
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQIcBAEBCgAGBQJSaJjBAAoJEDbkFXgyrXVlNNsP/1T5dtLIs5JbIL3yaYuCaIN+ dHSMnfNo126J05mr7OTM4yCWz/3iBqK2aywzqByKItaqr0xxukVlf3OB/ATbGBxt ylPwO2faXeNT+3IB6yAN48j7KPmAnan+jSibgAZUfXds6AWC3AQDqYkFV17MLanz iSwVT+InzeNovlQQ2Mim8RHvF4IDHYTXCLtCSmzjzWLCuSy6QcqSbN3tb3O387pL 9f7xDxPzU8X/91JwXhbblj+fCtDGvgNMLauEvWjsMViHnqrR1CyXuato4fX7Tv45 vhZyxbIHS/IaeTZUJWt5gsozB1tMvTJiWX/+2O0M47+QOvh78Oc92YoEzDnk7ryt 0f74ppjux3U8MDSIeMNGu3lsPEX1IR1ED3ypU7KYXHJXqTCIczT+4o+yO4Vl52bT zYyy+LBGmNh+otklatY+Doi2nW6ibPBhrZhVMrWxdWqZSsKgHLluLQS8xhDAIkuv MckV8iqNHy94D+0kbY5hixW1sXBkIddVBT3+qjGBUt/GTPPkk6AjnF4NAbyXIH7i esiC+fu/tOctm8FCKRWumt+mii08Fo4yqscaupcwTGCno26MYZhMvixqRuXdSgxz nClcjj0nlpBQ2yOu4vQrBySpUEtr16ccK6X3XrpqCGpneG3EOZOOdOxiTlgbUuxz DGN2Qy7S6iOPIBwGSHdc =Q1mQ -----END PGP SIGNATURE-----
What I want to know is if this is verifiable using the different versions of GPG on different OSes, particularly older GPG versions like 1.4.15, and also Mac and Linux. I know GnuPG on Windows works since that is what I am using.

Edit: If you have a non-Windows machine, or if you use an older version (not version 2.) kindly verify this signature and post here that it's good. (You may have to add or trust my public key to make it say it's valid.)
Title: Re: GPG signatures using SHA-512 as default instead of SHA-1
Post by: ralree on October 24, 2013, 04:04:22 AM
hank@joint:~$ gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
hank@joint:~$ gpg --verify
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Is there any possible problem with using SHA-512 to sign my messages? Can anyone who has GPG / PGP verify this signature and let me know if it's good.
My public key is here http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x36E4157832AD7565
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)
-----END PGP SIGNATURE-----
gpg: Signature made Thu 24 Oct 2013 03:49:21 AM UTC using RSA key ID 32AD7565
gpg: Good signature from "David Racho <EMAILREMOVED>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 2EDA F204 5FC1 CCFB 9513 64CB 36E4 1578 32AD 7565

TL;DR
gpg: Good signature from "David Racho <EMAILREMOVED>"
Seems to indicate it's valid.
Title: Re: GPG signatures using SHA-512 as default instead of SHA-1
Post by: Dabs on October 24, 2013, 04:20:28 AM
TL;DR
gpg: Good signature from "David Racho <EMAILREMOVED>"
Seems to indicate it's valid.

Thanks ralree! I'll be using SHA-512 to sign from now on.
Title: Re: GPG signatures using SHA-512 as default instead of SHA-1
Post by: dserrano5 on October 24, 2013, 08:55:52 AM
Another gpg 1.4.10 on linux verifies ok here.
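An added example, not part of any post in this thread: the "Hash:" armor header of a clearsigned message tells a verifier which digest to start computing, while the algorithm the signature was actually made with is recorded as one octet inside the signature packet. The Python sketch below reads both and compares them, assuming the version 4 signature packet layout of RFC 4880; the function names are hypothetical, and the sample is constructed from only the first 12 base64 characters of the signature posted in this thread, which is enough to cover the packet header.

```python
import base64
import itertools
import re

# Hash algorithm IDs from RFC 4880, section 9.4.
HASH_IDS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
            9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}  # assumption: digests to flag when auditing signatures

def armor_hashes(clearsigned):
    """Algorithms named in the cleartext 'Hash:' armor header (may be several)."""
    m = re.search(r"^Hash:\s*(.+)$", clearsigned, re.M)
    return [h.strip().upper() for h in m.group(1).split(",")] if m else []

def signature_body(clearsigned):
    """Base64 body of the signature armor, without headers, CRC or END line."""
    armor = clearsigned.split("-----BEGIN PGP SIGNATURE-----", 1)[1]
    _, _, body = armor.partition("\n\n")        # armor headers end at a blank line
    keep = itertools.takewhile(lambda l: not l.startswith(("=", "-----")), body.splitlines())
    return "".join(l.strip() for l in keep)

def packet_hash(sig_b64):
    """Return the hash algorithm named inside a version 4 signature packet."""
    usable = len(sig_b64) - len(sig_b64) % 4    # decode whole base64 quanta only
    data = base64.b64decode(sig_b64[:usable])
    tag = data[0]
    if not tag & 0x80:
        raise ValueError("not an OpenPGP packet")
    if tag & 0x40:                              # new-format packet header
        kind, first = tag & 0x3F, data[1]
        hdr = 1 + (1 if first < 192 else 2 if first < 224 else 5 if first == 255 else 1)
    else:                                       # old-format packet header
        kind, hdr = (tag >> 2) & 0x0F, 1 + (1, 2, 4, 0)[tag & 3]
    if kind != 2 or data[hdr] != 4:
        raise ValueError("not a version 4 signature packet")
    # v4 body: version, signature type, public-key algorithm, hash algorithm
    return HASH_IDS.get(data[hdr + 3], "unknown(%d)" % data[hdr + 3])

def audit(clearsigned):
    declared, used = armor_hashes(clearsigned), packet_hash(signature_body(clearsigned))
    return {"declared": declared, "used": used,
            "consistent": used in declared, "weak": used in WEAK}

# Constructed sample: only the first 12 base64 characters of the thread's signature.
SAMPLE = ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n(message text)\n"
          "-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.22 (MingW32)\n\n"
          "iQIcBAEBCgAG\n-----END PGP SIGNATURE-----\n")

print(audit(SAMPLE))
```

This only inspects which digest a signature names; it does not verify the signature, which still requires gpg --verify and the signer's public key.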