On Jun 21, 2012, at 9:00 AM, Sam Smith wrote: > when running the command: gpg --list-packets <keyname.asc> > > there is an outputted line that reads: "SHA1 protection" > > I did some looking online and saw that this line stays even when people > change their hash algorithm to something else (like SHA2). > > If the "SHA1 protection" is not indicating the use of SHA1 hash, what is it > communicating? If a SHA2 hash is being used to mangle the passphrase of the > secret key being stored on the disk, why is the line "SHA1 protection" being > shown?
It means that the secret key is has (in addition to the passphrase) an internal SHA-1 hash to detect tampering. It's basically a large checksum, used to foil attacks that involve modifying the secret key. It's not related to the hash algorithm you use when signing things. David _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
