Posted to community@apache.org by Robert Burrell Donkin <rd...@apache.org> on 2009/08/12 21:34:13 UTC

[OpenPGP] GnuPG Stronger Hash Configuration

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

i've written up [1] how to configure GnuPG to use stronger hashes for
WOT links and signatures. pretty much everyone should do this regardless
of their current key size. hopefully, we can use it as the basis of
documentation if people trial it, verify it works and then post feedback
to this thread.

- - robert

[1] http://www.jroller.com/robertburrelldonkin/entry/gnupg_how_to_avoid_sha
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----


---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org
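
An added example, not part of the original post or the linked write-up: a check of a gpg.conf for the two digest options that control certifications ("WOT links") and signatures. The option names `cert-digest-algo` and `personal-digest-preferences` are GnuPG's own but are not named in this thread; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# cert-digest-algo sets the digest for key certifications (the "WOT links");
# personal-digest-preferences ranks digests for signatures, most preferred first.
# Preferences stored on existing keys live in the keyring and are not checked here.

# Print the value of the last active occurrence of option $2 in file $1.
conf_value() {
    awk -v opt="$2" '
        /^[ \t]*#/ { next }                      # skip comment lines
        $1 == opt  { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END        { print val }' "$1"
}

is_sha2() {
    case "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" in
        SHA224|SHA256|SHA384|SHA512) return 0 ;;
        *) return 1 ;;
    esac
}

# Print one line per weak or missing setting; return 1 if any were found.
audit_gpg_conf() {
    rc=0
    cert=$(conf_value "$1" cert-digest-algo)
    pref=$(conf_value "$1" personal-digest-preferences)
    if ! is_sha2 "$cert"; then
        echo "cert-digest-algo: ${cert:-unset}"; rc=1
    fi
    if ! is_sha2 "${pref%% *}"; then
        echo "personal-digest-preferences: ${pref:-unset}"; rc=1
    fi
    return $rc
}

# Constructed sample files, so the check runs without touching a real GnuPG home.
write_samples() {
    printf '%s\n' '# cert-digest-algo SHA512' 'personal-digest-preferences SHA1 SHA256' > "$1/weak.conf"
    printf '%s\n' 'personal-digest-preferences SHA512 SHA384 SHA256' 'cert-digest-algo SHA512' > "$1/strong.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in weak strong; do
    audit_gpg_conf "$demo_dir/$f.conf" && echo "$f.conf: ok" || echo "$f.conf: needs changes"
done
rm -rf "$demo_dir"
```

To check a real configuration, pass the path of the gpg.conf in use to `audit_gpg_conf`; as noted later in the thread, that path is only conventional.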


Re: [OpenPGP] GnuPG Stronger Hash Configuration

Posted by Robert Burrell Donkin <rd...@apache.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

sebb wrote:
> On 12/08/2009, Robert Burrell Donkin <rd...@apache.org> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>>  Hash: SHA512
>>
>>  i've written up [1] how to configure GnuPG to use stronger hashes for
>>  WOT links and signatures. pretty much everyone should do this regardless
>>  of their current key size. hopefully, we can use it as the basis of
>>  documentation if people trial it, verify it works and then post feedback
>>  to this thread.
> 
> Needs to say where to find the gpg.conf file for Windows users.

for an apache version it's probably better to have windows and *nux
sections. i don't have windows so someone would need to step forward to
help with that.

the path is also only conventional but i opted against a digression into
the GnuPG configuration system. perhaps it would be better to add a
section on that as well.

i used the term WOT links but that's not the technical term. maybe it
would be worthwhile explaining the configuration option used to introduce
developers to those terms.

> "But for each existing key, ..." - it's not clear which existing keys
> are being referred to.
>
> Presumably this is referring to the private keys created by the user,
> rather than all the public keys that may be on the key-ring.

the operation isn't possible unless you have the secret key but it would
be clear

> BTW, the current version of GPG is 1.4.9; the example shows 1.4.7.

8-)

- - robert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----




Re: [OpenPGP] GnuPG Stronger Hash Configuration

Posted by sebb <se...@gmail.com>.
On 12/08/2009, Robert Burrell Donkin <rd...@apache.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
>  Hash: SHA512
>
>  i've written up [1] how to configure GnuPG to use stronger hashes for
>  WOT links and signatures. pretty much everyone should do this regardless
>  of their current key size. hopefully, we can use it as the basis of
>  documentation if people trial it, verify it works and then post feedback
>  to this thread.

Needs to say where to find the gpg.conf file for Windows users.

"But for each existing key, ..." - it's not clear which existing keys
are being referred to.

Presumably this is referring to the private keys created by the user,
rather than all the public keys that may be on the key-ring.

BTW, the current version of GPG is 1.4.9; the example shows 1.4.7.

>  - - robert
>
>  [1] http://www.jroller.com/robertburrelldonkin/entry/gnupg_how_to_avoid_sha
>  -----BEGIN PGP SIGNATURE-----
>  Version: GnuPG v2.0.11 (GNU/Linux)
>  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
>  -----END PGP SIGNATURE-----
