SHA-1 Broken and GnuPG (GPG)

As reported on Slashdot ([1], [2]) earlier this week, famed cryptologist Bruce Schneier noted in his blog entry that the hashing algorithm SHA-1 had been successfully broken. While the new attacks against SHA-1 are computationally feasible, they are still quite difficult; the general recommendation, however, is that people move away from SHA-1 for digital signatures.

Moving away from SHA-1 for digital signatures when using GPG may take a little bit of work since SHA-1 is the default hashing algorithm for digital signatures.

First you will need to upgrade to GnuPG 1.4 if you have not already, because previous versions of GPG lacked support for writing SHA256, SHA384, and SHA512 signatures. Unfortunately the package maintainers for many Linux distributions have not kept up, so finding a GPG 1.4 package may be difficult, even though the announcement for 1.4 states that 1.2 reached the end of its life cycle last month. I recommend contacting your distribution's GPG package maintainer and giving them a friendly nudge to keep up to date.

Once you have upgraded you can pass the command line option --digest-algo sha256 (or sha384, or sha512), or put digest-algo sha256 in your ~/.gnupg/options file, to sign your messages with the updated hashing algorithm. However, if you are like me and chose the default key pair when generating your keys, then you have a DSA signing key and an ElGamal encryption key; due to limitations in the DSA algorithm, this means you will get the following error when trying to sign with anything other than a 160 bit hashing algorithm (which SHA-1 is):

gpg: DSA requires the use of a 160 bit hash algorithm

The solution is to generate a subkey. Subkeys are extremely handy for just such a job: you need a new encryption (or, in this case, signing) key, but generating a whole new key pair would mean losing all of the signatures you have worked so hard to gather.

To generate a new subkey, begin by editing your key (--edit-key 'name'), then choose addkey, and finally choose RSA (sign only). That's it; now you can use the newer SHAs.
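Once you have switched, it is worth checking which digest your signatures (and those you receive) were actually made with. The following is an added example, not code from the original post: it parses the machine-readable output of gpg --status-fd 1 --verify and flags signatures still made with SHA-1 or MD5, separating DSA signers (who, as described above, need an RSA signing subkey) from RSA signers (who only need digest-algo changed). The sample status lines and fingerprints are constructed for illustration.

```python
"""Audit GnuPG --status-fd output for signatures that still use weak digests."""
import re

# OpenPGP algorithm identifiers (RFC 4880, sections 9.1 and 9.4).
PUBKEY_ALGOS = {1: "RSA", 3: "RSA (sign-only)", 17: "DSA"}
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASHES = {"MD5", "SHA1", "RIPEMD160"}

# VALIDSIG fields (GnuPG doc/DETAILS): fingerprint, sig-date, sig-timestamp,
# expire-timestamp, sig-version, reserved, pubkey-algo, hash-algo, sig-class,
# primary-key-fingerprint.
VALIDSIG_RE = re.compile(
    r"^\[GNUPG:\] VALIDSIG (\S+) \S+ \S+ \S+ \S+ \S+ (\d+) (\d+) (\S+)")

# Constructed sample: one DSA/SHA-1 signature (the old GnuPG default) and one
# RSA/SHA-256 signature from a newer RSA signing subkey.
SAMPLE_STATUS = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Example Signer <signer@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2005-02-18 1108684800 0 4 0 17 2 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG FEDCBA9876543210 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG FEDCBA9876543210FEDCBA9876543210FEDCBA98 2005-02-18 1108684800 0 4 0 1 8 00 0123456789ABCDEF0123456789ABCDEF01234567
"""


def audit_signatures(status_output):
    """Return one finding per VALIDSIG line: signer, algorithms, and weak flags."""
    findings = []
    for line in status_output.splitlines():
        m = VALIDSIG_RE.match(line)
        if not m:
            continue
        fpr, pk_id, hash_id = m.group(1), int(m.group(2)), int(m.group(3))
        hash_name = HASH_ALGOS.get(hash_id, f"unknown({hash_id})")
        findings.append({
            "fingerprint": fpr,
            "pubkey_algo": PUBKEY_ALGOS.get(pk_id, f"unknown({pk_id})"),
            "hash_algo": hash_name,
            "weak": hash_name in WEAK_HASHES,
            # A DSA key is limited to a 160-bit hash, so setting digest-algo
            # alone cannot fix it; the signer needs an RSA signing subkey.
            "needs_rsa_subkey": pk_id == 17 and hash_name in WEAK_HASHES,
        })
    return findings


def weak_signers(status_output):
    """Fingerprints of signers whose signature used a weak digest."""
    return [f["fingerprint"] for f in audit_signatures(status_output) if f["weak"]]
```

Feed it real output with `gpg --status-fd 1 --verify message.sig message` to audit a mail archive or package repository for signatures that still rely on SHA-1.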

One final note: Enigmail, the GPG plugin for Thunderbird, does not support SHA256 and above for PGP/MIME. The reasoning behind this decision can be found in this Enigmail mailing list thread.


6 Responses to SHA-1 Broken and GnuPG (GPG)

  1. Steve says:

    Hi there,
    Thanks very much for these instructions, I found them very useful.

    One problem I have encountered is when I want to encrypt and sign a message to a user who doesn’t support my preferred algo. I get:

    gpg: WARNING: forcing digest algorithm SHA512 (10) violates recipient preferences

    I can’t figure out why I’m forcing this algo, my entry in gpg.conf (digest-algo) should only select my preferred option, not force it. Any thoughts on how to resolve this?

  2. augie says:

    Steve,

    Thanks for the feedback!

    I actually do not receive that warning when I use SHA256; it seems to be specific to you using SHA512.

    I read that warning as you are preferring SHA512, but maybe your recipient does not, so you would then be forcing them to.

    My man page for gpg has this blurb:

    http://linuxcommand.org/man_pages/gpg1.html

    INTEROPERABILITY WITH OTHER OPENPGP PROGRAMS
    GnuPG tries to be a very flexible implementation of the OpenPGP standard. In particular, GnuPG implements many of the optional parts of the standard, such as the SHA-512 hash, and the ZLIB and BZIP2 compression algorithms. It is important to be aware that not all OpenPGP programs implement these optional algorithms and that by forcing their use via the --cipher-algo, --digest-algo, --cert-digest-algo, or --compress-algo options in GnuPG, it is possible to create a perfectly valid OpenPGP message, but one that cannot be read by the intended recipient.

    So it would seem that gpg is just warning you that your recipient may not be able to handle your message.

  3. Steve says:

    Augie,

    I think I may have just seen the light! The key I am trying to encrypt to is a PGP-2.x generated one. These keys have no algo preferences on them which probably results in some incompatibility problems. I’ve just tried with SHA-256 and received a similar error.

  4. Andrew Hodgson says:

    Enigmail seems to work fine as long as you use an RSA key…

  5. Pingback: Thomas Fischer’s weblog » why enigmail and gpg does not work anymore after update

  6. ~/.gnupg/options is old and ignored by the latest versions of gnupg. Instead, put "digest-algo sha512" into ~/.gnupg/gpg.conf
