You are viewing a plain text version of this content. The canonical link for it is here.
Posted to community@apache.org by sebb <se...@gmail.com> on 2009/08/13 00:41:47 UTC
Re: [OpenPGP] GnuPG Stronger Hash Configuration
On 12/08/2009, Robert Burrell Donkin <rd...@apache.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> i've written up [1] how to configure GnuPG to use stronger hashes for
> WOT links and signatures. pretty much everyone should do this regardless
> of their current key size. hopefully, we can use it as the basis of
> documentation if people trial it, verify it works and then post feedback
> to this thread.
Needs to say where to find the gpg.conf file for Windows users.
"But for each existing key, ..." - it's not clear which existing keys
are being referred to.
Presumably this is referring to the private keys created by the user,
rather than all the public keys that may be on the key-ring.
BTW, the current version of GPG is 1.4.9; the example shows 1.4.7.
> - - robert
>
> [1] http://www.jroller.com/robertburrelldonkin/entry/gnupg_how_to_avoid_sha
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.11 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
>
> iQIcBAEBCgAGBQJKgxk1AAoJEHl6NpRAqILLSR0P/0p88OWMMO/Qp828Ecx3DQNB
> JM2LlizP/o5hp/U0s0enGtq7ytNAiY7wDoeVgEg7GBLnQiGMD84xS4lIahq6k+0r
> Q8hpaOlreeIkkMAa1SKq6wp/6u34Kkv98iUCkfgz7Dh0XVhxJ2XeXAJ+i7IOJb66
> xDc9z7NElCaP0GFGVAJizE0wux+TrvMEdNba6u82xXnz2R080tMC6EVpvntcA9u7
> SrEpqMYat4AxRpQFi6B3sw4Kqk6ebBJuOvGyQi3dQPMdK6Zri1emmB5UqwFsFsPc
> sZ5drfniKqQxqVY+vbco1hla//L8kDhhHo6a71UqSMPd6taP+qowWLeSbJGGN9MX
> Knri2EAD0zoaMgYsRwPaXDXwLmbbM4hre4f6RZtnfAiOubvBixKqxugH0JyT2OqQ
> /jIlJrn+m2Jlkgc4UcKu0u+L2+7QhHeL5qjwA/KguuCxwsuFi/Zn6W95D+IZAXz1
> V0KSq/hfTNlrETaKmq2d8ZMYbEWdFjALt8uWWij5v32/IlrNp+mK52d2CB5Sgv2R
> XGI0Vq7iwrB9roh5/xEU9ihZDuicYdj9vJCQA36WJZ1VkyQab4UG8Amisy2JlZOn
> 7dT+l22O/QxMqN+fwtqMQ1QOFIMhkt/j3+dux9mXrSib1MKfYON2nJlD+PSwprSX
> bnIbNoVMkWseUP5mkWvj
> =oTn2
> -----END PGP SIGNATURE-----
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: community-unsubscribe@apache.org
> For additional commands, e-mail: community-help@apache.org
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org
Re: [OpenPGP] GnuPG Stronger Hash Configuration
Posted by Robert Burrell Donkin <rd...@apache.org>.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
sebb wrote:
> On 12/08/2009, Robert Burrell Donkin <rd...@apache.org> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> i've written up [1] how to configure GnuPG to use stronger hashes for
>> WOT links and signatures. pretty much everyone should do this regardless
>> of their current key size. hopefully, we can use it as the basis of
>> documentation if people trial it, verify it works and then post feedback
>> to this thread.
>
> Needs to say where to find the gpg.conf file for Windows users.
for an apache version it's probably better to have windows and *nux
sections. i don't have windows so someone would need to step forward to
help with that.
the path is also only conventional but i opted against a digression into
the GnuPG configuration system. perhaps it would be better to add a
section on that as well.
i used the term WOT links but that's not the technical term. maybe it
would worthwhile explaining the configuration option used to introduce
developers to those terms.
> "But for each existing key, ..." - it's not clear which existing keys
> are being referred to.
>
> Presumably this is referring to the private keys created by the user,
> rather than all the public keys that may be on the key-ring.
the operation isn't possible unless you have the secret key but it would
be clear
> BTW, the current version of GPG is 1.4.9; the example shows 1.4.7.
8-)
- - robert
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIcBAEBCgAGBQJKg668AAoJEHl6NpRAqILLVIYP/0Q8mepDJJ5Y9EZabpE2Tp07
Mdt0y+z4R9D7E6zc2r2L1TUtQaQSw/t57ar8wU6gkvMyqziIER9D77G/Y507wlQA
qVbnp5S6eYuL9H0NjNVv0mA5Sm0N9b2SWDsJi9QIzTizACg1Sqz/S5+DSBIvNTvI
DT7bD4MlWNp8EdIPPQzvzfBiJ0j9dPUIa8G+vt+Q8zhhJfCWBL51NaDczQqIG6Ls
2vpyT/nx4mPLNar9TNfQYQZl8s4amPZvVAv/Z20PH/kjBynRyU3vhrdQyQDW/mIy
7CA9kXlgepQq01w6IIFWQMZHtl7U9Y1xZZQ7kyWDuHEDTYf4zB4doSLDc9/xP8fq
N05ff0mHlPIfju72otI4IwQhQdtabl3Wnxu0mCP9fETJpcH6bGnjPxh62IYHWQim
ShyFjgxclyAgK09mO6Y74RS92RvXcF1GS4JjE27thQuzrgjjKHLyE8507rc/9SYl
Ep6G+ajyOT+6/fOSfWGOA07ERWFjO/KKhBOPy8Xvhy5FhGsljJb+CYECCt3OOIA3
kYf4UuZ6qmCiugM1b9/PqKJxyZUhoB2yro1xHSXcg9j79Z7/DURHZCPafqCCoNlA
hLeG+THWY4P+IyyW2QGPbqXpeDFs+0RB23ffV2Wenog/sLICFuvSZWmWMy8FkSr2
7KvI324Rg2/Z4hiTQJby
=xtP9
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: community-unsubscribe@apache.org
For additional commands, e-mail: community-help@apache.org