Hi Robert,
This might be of interest to you as well:
bash-3.00$ gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
<http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2
N.B. Good luck with your exams.
Thanks,
Peter.
Peter Firmstone wrote:
Hi Robert,
setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2
ZIP Uncompressed
Set preference list to:
Cipher: AES256, AES192, AES, CAST5, 3DES
Digest: SHA512, SHA384, SHA256, SHA224, SHA1
Compression: ZLIB, BZIP2, ZIP, Uncompressed
Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y
You need a passphrase to unlock the secret key for
user: "Peter Firmstone (Engineer) <[email protected]>"
4096-bit RSA key,
gpg --list-secret-keys reports that both key's start with 4096R/KeyID
And I've added to the end of my gpg.conf:
personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES
CAST5 ZLIB
BZIP2 ZIP Uncompressed
I edited gpg.conf after I had generated my keys.
Is this ok?
Cheers,
Peter.
Robert Burrell Donkin wrote:
On Mon, Jan 4, 2010 at 12:32 AM, Craig L Russell
<[email protected]> wrote:
Hi Peter,
The only reason *not* to use 1.4.10 IMHO is if the generated artifacts
somehow are incompatible with other GPG programs out there.
unfortunately, some older programs are no longer secure after the
SHA-1 breakage. you need to check that SHA is set to 512 (or 256) for
signing and that both encrypt and sign keys are 4096 bit RSA (the
older versions did not use RSA for both keys).
- robert
