Bitcoin Forum

Other => Serious discussion => Topic started by: NotATether on January 25, 2020, 07:59:06 AM



Title: Why can I only sign a GPG message with SHA1 hash
Post by: NotATether on January 25, 2020, 07:59:06 AM
I can't find any option in gpg to select the SHA256 digest. SHA1 can be broken[1][2] and SHA256 is much more secure, so why is gpg selecting it by default for signatures?

Even the manpage suggests that there are hidden options ending with '-algo' that change the message digest algorithm but they don't seem to have any effect.

Quote
$ gpg -s -u 47FAE4A0 --clearsign
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Yodelayheehoo!
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
=kRno
-----END PGP SIGNATURE-----

[1] https://shattered.io/ (warning: its certificate expired 2 days ago, I think they just need to renew it though)
[2] https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html (this cert is OK)


Title: Re: Why can I only sign a GPG message with SHA1 hash
Post by: Chlotide on January 28, 2020, 11:18:42 PM
PGP stands for Pretty Good Security. It uses pub/priv keys and encrypts using SHA1. That's what it does. That's the protocol.
Here is a useful link, hope it helps: https://www.movable-type.co.uk/scripts/sha256.html


Title: Re: Why can I only sign a GPG message with SHA1 hash
Post by: NotATether on February 01, 2020, 01:24:51 PM
Quote from: Chlotide on January 28, 2020, 11:18:42 PM
PGP stands for Pretty Good Security. It uses pub/priv keys and encrypts using SHA1. That's what it does. That's the protocol.
Here is a useful link, hope it helps: https://www.movable-type.co.uk/scripts/sha256.html


This is an interesting link but it has nothing to do with PGP. Counterintuitively, this is not in the manual or the usage text for gpg, but the option to force the digest algorithm to be used is called --personal-digest-preferences. So in my case I would need to use gpg -s -u 47FAE4A0 --clearsign --personal-digest-preferences sha256 in order to sign with SHA256. It's reasonably safe to assume that all GPG clients I care about support reading SHA256 signatures.

And it appears that SHA256 message digests for signing were made the default in version 2.1: https://gnupg.org/download/release_notes.html#sec-1-23
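The "Hash: SHA1" line quoted at the top of the thread is only an armor header; the digest that was really used is recorded as a one-byte algorithm ID inside the signature packet itself (RFC 4880, section 5.2, with IDs from section 9.4). The following is an added example, not code from the thread or from GnuPG: a small Python audit that reads both the armor header and the packet field of a clearsigned message, reports whether the digest is a weak one (MD5, SHA1, RIPEMD160) and whether the header agrees with the packet. Because the signature body was removed from the quoted post, the sample message is constructed here: the thread's text wrapped around a minimal fake v4 signature packet whose subpackets, hash prefix, MPI and CRC line are dummy values.

```python
import base64

# Hash algorithm IDs from RFC 4880 section 9.4 (subset)
HASH_ALGOS = {
    1: "MD5", 2: "SHA1", 3: "RIPEMD160",
    8: "SHA256", 9: "SHA384", 10: "SHA512", 11: "SHA224",
}
WEAK_DIGESTS = {"MD5", "SHA1", "RIPEMD160"}


def clearsign_hash_headers(text):
    """Digest names declared in the 'Hash:' armor header(s) of a clearsigned message.

    This header is only a hint for the verifier; the algorithm that was
    actually used lives in the signature packet (see signature_hash_algo).
    """
    lines = text.splitlines()
    try:
        start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----") + 1
    except ValueError:
        return []
    names = []
    for line in lines[start:]:
        if line.strip() == "":  # blank line ends the armor headers
            break
        key, _, value = line.partition(":")
        if key.strip().lower() == "hash":
            names.extend(v.strip().upper() for v in value.split(","))
    return names


def armored_signature_bytes(text):
    """Base64-decode the PGP SIGNATURE armor block, skipping headers and the CRC line."""
    lines = text.splitlines()
    try:
        start = lines.index("-----BEGIN PGP SIGNATURE-----") + 1
        end = lines.index("-----END PGP SIGNATURE-----")
    except ValueError:
        return b""
    body = lines[start:end]
    for i, line in enumerate(body):
        if line.strip() == "":  # armor headers (e.g. Version:) end at a blank line
            body = body[i + 1:]
            break
    data = "".join(l for l in body if not l.startswith("="))  # '=XXXX' is the CRC24 line
    return base64.b64decode(data)


def packet_body(data):
    """Return (tag, body) of the first OpenPGP packet in data (RFC 4880 section 4.2)."""
    if not data or not (data[0] & 0x80):
        raise ValueError("not an OpenPGP packet header")
    first = data[0]
    if first & 0x40:  # new-format header
        tag = first & 0x3F
        b1 = data[1]
        if b1 < 192:
            length, off = b1, 2
        elif b1 < 224:
            length, off = ((b1 - 192) << 8) + data[2] + 192, 3
        elif b1 == 255:
            length, off = int.from_bytes(data[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths not supported here")
    else:  # old-format header: tag in bits 5..2, length type in bits 1..0
        tag = (first >> 2) & 0x0F
        ltype = first & 0x03
        if ltype == 3:
            length, off = len(data) - 1, 1
        else:
            size = (1, 2, 4)[ltype]
            length, off = int.from_bytes(data[1:1 + size], "big"), 1 + size
    return tag, data[off:off + length]


def signature_hash_algo(data):
    """Hash algorithm ID recorded inside a signature packet (tag 2), v3 or v4+ layout."""
    tag, body = packet_body(data)
    if tag != 2:
        raise ValueError("first packet is not a signature packet (tag %d)" % tag)
    version = body[0]
    if version == 3:
        # v3: version, hashed-material length, sig type, time(4), key ID(8), pk algo, hash algo
        return body[16]
    if version >= 4:
        # v4 (and later): version, sig type, pk algo, hash algo
        return body[3]
    raise ValueError("unknown signature packet version %d" % version)


def audit_clearsigned(text):
    """Report which digest a clearsigned message really used and whether it is weak."""
    header = clearsign_hash_headers(text)
    algo_id = signature_hash_algo(armored_signature_bytes(text))
    packet = HASH_ALGOS.get(algo_id, "UNKNOWN(%d)" % algo_id)
    return {
        "header_hashes": header,
        "packet_hash": packet,
        "weak": packet in WEAK_DIGESTS,
        "header_matches_packet": packet in header,
    }


def build_sample(hash_name, hash_id):
    """Constructed sample (not a real signature): the thread's clearsigned text around a
    minimal fake v4 signature packet. Field layout is real; subpackets, hash prefix, MPI
    and the '=AAAA' CRC line are dummy placeholders."""
    body = bytes([4, 0x01, 1, hash_id,      # v4, canonical-text sig, RSA, hash algo
                  0, 0, 0, 0,               # empty hashed / unhashed subpacket areas
                  0xAB, 0xCD,               # left 16 bits of the hash (dummy)
                  0x00, 0x08, 0xFF])        # one 8-bit MPI (dummy)
    pkt = bytes([0x88, len(body)]) + body   # old-format header: tag 2, 1-octet length
    return (
        "-----BEGIN PGP SIGNED MESSAGE-----\n"
        "Hash: %s\n\n"
        "Yodelayheehoo!\n"
        "-----BEGIN PGP SIGNATURE-----\n"
        "Version: GnuPG v2.0.22 (GNU/Linux)\n\n"
        "%s\n=AAAA\n"
        "-----END PGP SIGNATURE-----\n"
    ) % (hash_name, base64.b64encode(pkt).decode())


if __name__ == "__main__":
    for name, hid in (("SHA1", 2), ("SHA256", 8)):
        print(name, audit_clearsigned(build_sample(name, hid)))
```

Running it on a real clearsigned file instead of the constructed sample is a matter of passing the file contents to audit_clearsigned(); the "header_matches_packet" field is the check worth keeping, since a verifier that trusts the armor header alone can be told one thing while the packet says another.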


Title: Re: Why can I only sign a GPG message with SHA1 hash
Post by: Chlotide on February 02, 2020, 01:26:10 AM
Sorry, got confused a bit and did not understand the question with all those pgp, gpg...
Try to limit the algorithms used by editing the gpg.conf file and leave only what you want: SHA256, SHA384, SHA512.
Or try "cert-digest-algo SHA256" or "--s2k-digest-algo SHA256" in the command line when generating the key.