On Mon, May 16, 2011 at 11:30 AM, Werner Koch <[email protected]> wrote: > On Sat, 14 May 2011 22:42, [email protected] said: > >> Werner if you read this thread please reply. Thanks. > > I don't understand the context, what was your question? How to disable a > certain algorithm? (--disable-cipher NAME). > > I recall that there was a long thread abouth something with signature > algorithms; I didn't followed that one. > > > Salam-Shalom, > > Werner > > -- > Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz. > >
Hi Werner, thanks for replying. I will cite myself: Is there a way to display hash algorithms along with public key algoritms (and its lenght) of signatures when issuing "--check-sigs" (or check in the "--edit-key" shell)? I also would like to know if there is a way to force that GPG will not accept signatures made with a certain hash or public key algorithms, when calculating validity of keys trough web of trust? In the case of public key it should be possible to specify key length. I didnt have luck finding answers to my questions in documentation, only a partial solution to my second question: There is an option "disable-pubkey-algo" that will totally disable choosen public key algoritm, however it only works after doing --check-trustdb with that option, otherwise it still accepts key signatures (certifications) made with disabled algorithm, as a valid signatures (for example when calculating key validity, or when doing "--check-sigs"). It can create problems when changing from "trust-model pgp" to "trust-model direct", beacuse as GPG says, there is "no need for a trustdb check with `direct' trust model". But is that really true that that there is no need for trustdb check? Im not sure, but GPG doesnt allow that. So while "disable-pubkey-algo" can be used to disable signatures made with certain public key algorithm when calculating validity of keys trough web of trust, there is no way to specify key length. Also there is no such option for hash algorithms. No "disable-hash-algo" or "disable-cert-digest-algo" or anything like that. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
