Again it's all very confusing to me -- math aside and practical considerations why you wouldn't want to mix and match key types and hash lengths. Again Robert Hansen has wisely suggested to use the defaults -- I'm understanding this more and more -- however when I see showpref statements that would suggest SHA-1 is the default hash, when in actuality with larger DSA keys it is not, I get rather frustrated.
I think you have some level of misunderstanding about what, where, and how different algorithms are used, and what prefs refer to. I'll try to explain it in short, and forgive me if this is old for you and I assumed wrongly.
A keypair contains (simplifying) a public and private key plus metadata. Among the metadata there is a self signature, by which the private key signs the hash of the public key and other key elements. This hash is NOT determined by key preferences; key preferences are means to signal to other people what hashes they should use when they issue signatures for you. Likewise, the private key is encrypted on secring.gpg, and the algorithm used to encrypt it has nothing to do with key preferences, it is a private matter. Key preferences are ALWAYS hints to someone else about what algorithms you are willing and able to deal with when THEY send you data. They have nothing to do with the algorithms you use for encrypting to others, encrypting symmetrically, hashing your key, and so on, beyond the obvious fact that you should be able to deal with all algorithms you place in prefs, as well as those used for your own key. These decisions are taken mostly through defaults, although it is also possible to use modifiers on the command line or options file in order to determine which hashes, or which algorithms to use for encrypting the private key.
HTH, --David.
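As an added illustration of the distinction David draws above (this is not code from the thread or from GnuPG), the Python snippet below parses a constructed sample of `showpref` output and, for a DSA key, separates the digest hints the key advertises to others from the hashes that key can actually sign with. The DSA rule it applies (the hash must be at least as large as the key's q parameter) is the OpenPGP one; the q size is an assumed input, not something read from the key.

```python
import re

# Constructed sample of what `gpg --edit-key <id>` prints for `showpref`.
# This is made-up illustrative output, not a real key's preferences.
SAMPLE_SHOWPREF = """\
[ultimate] (1). Alice Example <alice@example.org>
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA1, SHA256, SHA384, SHA512, SHA224
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
"""

# Output size in bits of the digests GnuPG names in showpref output.
DIGEST_BITS = {
    "MD5": 128, "SHA1": 160, "RIPEMD160": 160,
    "SHA224": 224, "SHA256": 256, "SHA384": 384, "SHA512": 512,
}


def parse_showpref(text):
    """Return {'Cipher': [...], 'Digest': [...], ...} from showpref output.

    Order is preserved because the list order is the preference order that
    the key advertises to other people (a hint, as the reply above explains).
    """
    prefs = {}
    for line in text.splitlines():
        m = re.match(r"\s*(Cipher|Digest|Compression|Features):\s*(.*)", line)
        if m:
            prefs[m.group(1)] = [x.strip() for x in m.group(2).split(",") if x.strip()]
    return prefs


def dsa_usable_digests(digest_prefs, q_bits):
    """Digests from the advertised list that a DSA key whose q is q_bits long
    can actually produce signatures with (OpenPGP requires the hash output to be
    at least as large as q). q_bits is an assumption supplied by the caller."""
    return [d for d in digest_prefs if DIGEST_BITS.get(d, 0) >= q_bits]


if __name__ == "__main__":
    prefs = parse_showpref(SAMPLE_SHOWPREF)
    print("advertised digest hints:", prefs["Digest"])
    # A 1024-bit DSA key (q = 160 bits) can use every listed hash; a DSA key
    # with a 256-bit q cannot sign with SHA1 or SHA224 regardless of the hints.
    for q in (160, 256):
        print(f"q={q}: usable for signing ->", dsa_usable_digests(prefs["Digest"], q))
```

Running it shows that SHA1 sitting first in the `Digest:` line says nothing about the hash a larger DSA key will actually sign with; the preference list and the signing hash are decided separately.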
