On Wed, 2011-04-06 at 01:09 +0000, brian m. carlson wrote: > On Tue, Apr 05, 2011 at 05:15:15PM +0200, Vincent Caron wrote: > > 2/ It is suggested to update gnupg.conf with: > > > > personal-digest-preferences SHA256 > > cert-digest-algo SHA256 > > default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES > > CAST5 ZLIB BZIP2 ZIP Uncompressed > > > > Is it still needed with GnuPG 1.4.11 ? > > This isn't strictly needed with any version of GnuPG. However, these > settings choose algorithms which are known to be stronger (avoiding MD5 > and the mandatory but somewhat weakened SHA1). Setting > default-preference-list specifies which algorithms you prefer in your > key's self-signature (which you can always change later). > Implementations are forbidden from using algorithms (other than the > default must-implement ones) that you do not specify in your > self-signature. Using cert-digest-algo chooses the algorithm you will > use in signing keys. And finally, personal-digest-preferences is the > algorithm you will use when signing data.
That's a nice explanation that would fit on http://keyring.debian.org/creating-key.html Thanks for your help. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1302084949.4011.11.camel@zerohal.local
