-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hello Robert !
Robert J. Hansen r...@sixdemonbag.org wrote:
I think that by default, --gnupg is in use; --gnupg means --openpgp
This means strict OpenPGP behaviour: MD5, SHA1, RIPEMD160
Nope.
Try using --digest-algo SHA256 in the command
As a curiosity, could you have both clients save the message in raw
format somewhere on the disks, and compare if they're the same with a
checksum?
Maybe there's some misbehavior with the line endings in terms of *nix
vs Winblow$ (so checking with cat -v would also be a good idea)? I know
that at
On Mon, 9 Jul 2012 14:26, mailinglis...@hauke-laging.de said:
OK but what does --allow-freeform-uid do then? Makes sense to add this
You already quoted it in your first mail:
Disable all checks on the form of the user ID w..
^
Shalom-Salam,
Werner
--
Die
On Tue, 10 Jul 2012, Hauke Laging wrote:
Hello,
I was just pointed at the problem that for the last months all of my
signatures are supposed to be bad. I use KMail which shows both the emails I
have sent and those I receive via this list as correctly signed. I just used
Thunderbird (13.0) to
On 7/10/2012 1:59 AM, Laurent Jumet wrote:
The question was: why does GPG use another preference than the primary
one?
The short answer is, because it has to, and because you've configured
it that way.
I've the same problem, this ClearSign message is in RIPEMD160 despite it's
not
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Robert J. Hansen wrote:
On 7/9/2012 10:04 PM, vedaal wrote:
which open-pgp implementation can't read/verify SHA-256
PGP 8.0 or before. SHA-256 was introduced in 8.1, if I recall
correctly. There are still a *lot* of people using 6.5.8.
I
On 7/10/2012 4:58 AM, Andy Ruddock wrote:
I used the information in this article :
It is still substantially accurate and useful, as near as I can tell.
(I still think cert-digest-algo sha256 is unnecessary at this point in
time, but I understand why he believes otherwise, and his perspective is
Am Di 10.07.2012, 08:43:55 schrieb Branko Majic:
As a curiosity, could you have both clients save the message in raw
format somewhere on the disks, and compare if they're the same with a
checksum?
A checksum is not necessary, it's obviously not the same. KMail stores the
files with \n line
Hauke, thank you so much for explaining this. Would you be so kind as to
describe how exactly I should edit my config file to accomplish SHA256?
There's lots of advice out there and I'd like to make sure I don't make any
mistakes when configuring. Thank you.
From:
Yeah, there's still people on Internet Explorer 6 & 7 too and they cause all
kinds of problems for web developers. If people using really old versions can't
read something, that's really their burden to update their software. SHA1 is no
longer secure. I'm not going to cater to people using
SHA1 is no longer secure.
At the present moment, SHA-1 is just fine. In the fairly near future,
anywhere between six months to a few years, I expect this will change.
But "SHA1 is no longer secure" is factually untrue, at least where
OpenPGP is concerned.
I don't recommend SHA-1 for new
Am Di 10.07.2012, 08:26:14 schrieb Sam Smith:
Hauke, thank you so much for explaining this. Would you be so kind as to
describe how exactly I should edit my config file to accomplish SHA256?
As Rob already mentioned: You need --personal-digest-preferences (which is
just
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Hello Hauke !
Hauke Laging mailinglis...@hauke-laging.de wrote:
As Rob already mentioned: You need --personal-digest-preferences (which is
just personal-digest-preferences in the config file). You put your favourite
first, e.g.:
On 10/07/12 16:39, Laurent Jumet wrote:
Do you succeed in having a SHA256 hash with this statement? How can I
explain that I have RIPEMD160 instead?
Like Rob said,
Also note that you're using a 1k DSA key for signing, so is it really so
surprising you're using a 160-bit hash algorithm?
To
Am Di 10.07.2012, 16:39:20 schrieb Laurent Jumet:
personal-digest-preferences SHA256,RIPEMD160,SHA1
Do you succeed in having a SHA256 hash with this statement?
Yes, I do. Just tried.
How can I explain that I have RIPEMD160 instead?
Two possibilities come to my mind:
1) I
On Jul 10, 2012, at 10:39 AM, Laurent Jumet wrote:
Hauke Laging mailinglis...@hauke-laging.de wrote:
As Rob already mentioned: You need --personal-digest-preferences (which is
just personal-digest-preferences in the config file). You put your favourite
first, e.g.:
On 7/10/2012 10:39 AM, Laurent Jumet wrote:
Do you succeed in having a SHA256 hash with this statement? How can I
explain that I have RIPEMD160 instead?
I apologize for repeating myself here: I don't mean to be condescending,
but apparently my answer was not clear. I'll try to be more clear.
I'm trying to save a 4096 bit RSA key to my OpenPGP smartcard v2.0 but I get an
error about a bad secret key.
I use Ubuntu 10.04 with a self-compiled GnuPG 2.0.19
Verbose-mode doesn't tell more details and according to Google I am the only
one with that problem...
Does anyone know what's
gpg --options /dev/null --keyserver hkp://keys.gnupg.net --search-keys ...
gpg: external program calls are disabled due to unsafe options file
permissions
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
On Tue, Jul 10, 2012 at 10:10:12AM -0400, Robert J. Hansen wrote:
SHA1 is no longer secure.
At the present moment, SHA-1 is just fine. In the fairly near future,
anywhere between six months to a few years, I expect this will change.
But "SHA1 is no longer secure" is factually untrue, at
On 7/10/2012 7:59 PM, brian m. carlson wrote:
SHA-1 is considered cryptographically broken. It does not provide
the level of security it claims.
Yes. This is not the same as being *insecure*, though, which is what
was claimed. Moving from cryptographically broken to insecure/dead
is about
On 7/10/2012 8:15 PM, Robert J. Hansen wrote:
Then you need to stop using OpenPGP altogether, because you're already
generating SHA-1 signatures with your certificate which can be lifted
and dropped onto new messages if/when a preimage attack is introduced
against SHA-1.
After re-reading
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
The general point remains, though,
that if you believe SHA-1 is insecure
then you need to stop using OpenPGP.
Well, Yes, and No. ;-)
SHA1 is hardwired into the fingerprint of v4 keys.
An open pgp consensus on a v5 key will not happen overnight.
On 7/11/2012 12:41 AM, vedaal wrote:
SHA1 is hardwired into the fingerprint of v4 keys.
As soon as a V5 key spec is released, I'll revise my statement. Until
then, OpenPGP has an unfortunate dependency on hashes that do not have
good long-term prospects. :)
So when is it reasonable enough to