Your message dated Sun, 31 May 2015 21:59:40 -0400
with message-id <[email protected]>
and subject line Re: [pkg-gnupg-maint] Bug#787385: gpg ignores options for s2k-digest-algo
has caused the Debian Bug report #787385,
regarding gpg ignores options for s2k-digest-algo
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
787385: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787385
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnupg
Version: 1.4.12-7+deb7u7

When generating a new key pair, gpg sets the digest algorithm to the
default SHA1 and completely ignores non-default settings specified
with s2k-digest-algo.

This happens both when specified on the commandline:

    gpg --s2k-digest-algo SHA256 --gen-key

or when specified in the config file ~/.gnupg/gpg.conf

    s2k-digest-algo SHA256

After the key has been generated, gpg --list-packets shows

    iter+salt S2K, algo: 3, SHA1 protection, hash: 8, salt: blablabla

I have tried using SHA256 and SHA512, both are ignored, even though
both are listed as supported when invoked gpg --version
--- End Message ---
--- Begin Message ---
On Sun 2015-05-31 19:41:59 -0400, Martin Vegter wrote:
> Package: gnupg
> Version: 1.4.12-7+deb7u7
>
> When generating a new key pair, gpg sets the digest algorithm to the
> default SHA1 and completely ignores non-default settings specified
> with s2k-digest-algo.
>
> This happens both when specified on the commandline:
>
> gpg --s2k-digest-algo SHA256 --gen-key
>
> or when specified in the config file ~/.gnupg/gpg.conf
>
> s2k-digest-algo SHA256
>
> After the key has been generated, gpg --list-packets shows
> iter+salt S2K, algo: 3, SHA1 protection, hash: 8, salt: blablabla

I think you're misinterpreting the output of --list-packets.

hash: 8 *is* SHA256:

    https://tools.ietf.org/html/rfc4880#section-9.4

The SHA1 protection refers to the fact that this is a string-to-key
usage octet 254, so this is the way that GnuPG can do a "quickcheck"
that your password was likely correct (instead of trying to parse a bad
decryption as some sort of secret key material):

    https://tools.ietf.org/html/rfc4880#section-5.5.3

This quick-check has nothing to do with the strength of the S2K, though.

I'm closing this bug report, but if you think it's still a problem, feel
free to re-open it.

Regards,

--dkg
--- End Message ---
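
The fields discussed in this thread can be decoded by hand. The following is an added example, not part of the original messages and not GnuPG's code: it parses the protection header that follows the public-key part of a version 4 secret key packet (RFC 4880 sections 3.7.1 and 5.5.3) and reports the integrity check and the S2K hash as separate values. The name parse_protection and the SAMPLE bytes are constructed for illustration.

```python
# Added example: names and SAMPLE bytes are constructed, not taken from GnuPG.
# ID tables are subsets of RFC 4880 section 9.2 (ciphers) and 9.4 (hashes).
CIPHERS = {2: "3DES", 3: "CAST5", 7: "AES128", 8: "AES192", 9: "AES256"}
HASHES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
          9: "SHA384", 10: "SHA512", 11: "SHA224"}
S2K_TYPES = {0: "simple", 1: "salted", 3: "iter+salt"}


def parse_protection(buf: bytes) -> dict:
    """Decode the bytes from the S2K usage octet onward (RFC 4880 5.5.3)."""
    if not buf:
        raise ValueError("empty protection header")
    usage = buf[0]
    if usage not in (254, 255):
        # 0 means unprotected; other values are a bare cipher ID with no S2K.
        return {"usage": usage, "s2k_type": None}
    if len(buf) < 4:
        raise ValueError("truncated S2K specifier")
    cipher, s2k_type, hash_id = buf[1], buf[2], buf[3]
    if s2k_type not in S2K_TYPES:
        raise ValueError(f"unsupported S2K type {s2k_type}")
    salt, count, pos = None, None, 4
    if s2k_type in (1, 3):
        salt = buf[pos:pos + 8]
        pos += 8
        if len(salt) != 8:
            raise ValueError("truncated salt")
    if s2k_type == 3:
        if pos >= len(buf):
            raise ValueError("missing iteration count octet")
        c = buf[pos]
        count = (16 + (c & 15)) << ((c >> 4) + 6)  # RFC 4880 3.7.1.3
    return {
        "usage": usage,
        # Usage 254 appends a SHA-1 hash of the secret key material as the
        # integrity check; 255 uses a 16-bit checksum. Neither picks the S2K hash.
        "integrity": "SHA1" if usage == 254 else "checksum16",
        "cipher": CIPHERS.get(cipher, f"unknown({cipher})"),
        "s2k_type": S2K_TYPES[s2k_type],
        "s2k_hash": HASHES.get(hash_id, f"unknown({hash_id})"),
        "salt": salt.hex() if salt else None,
        "count": count,
    }


# Constructed header matching the reported "algo: 3, SHA1 protection, hash: 8".
SAMPLE = bytes.fromhex("fe030308" "0011223344556677" "60")

if __name__ == "__main__":
    print(parse_protection(SAMPLE))
```

On the constructed sample the integrity field reads SHA1 while s2k_hash reads SHA256, which is the distinction the reply draws between the quick-check and the digest selected by s2k-digest-algo.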

