river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject Re: Apache release signing on Solaris 10
Date Mon, 04 Jan 2010 12:35:52 GMT
Hi Robert,

setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

Set preference list to:
     Cipher: AES256, AES192, AES, CAST5, 3DES
     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
     Compression: ZLIB, BZIP2, ZIP, Uncompressed
     Features: MDC, Keyserver no-modify
Really update the preferences? (y/N) y

You need a passphrase to unlock the secret key for
user: "Peter Firmstone (Engineer) <peter.firmstone@zeus.net.au>"
4096-bit RSA key,

gpg --list-secret-keys reports that both keys start with 4096R/KeyID

And I've added to the end of my gpg.conf:

personal-digest-preferences SHA512
cert-digest-algo SHA512
default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

I edited gpg.conf after I had generated my keys.

Is this ok?

Cheers,

Peter.

Robert Burrell Donkin wrote:
> On Mon, Jan 4, 2010 at 12:32 AM, Craig L Russell <Craig.Russell@sun.com> wrote:
>   
>> Hi Peter,
>>
>> The only reason *not* to use 1.4.10 IMHO is if the generated artifacts
>> somehow are incompatible with other GPG programs out there.
>>     
>
> unfortunately, some older programs are no longer secure after the
> SHA-1 breakage. you need to check that SHA is set to 512 (or 256) for
> signing and that both encrypt and sign keys are 4096 bit RSA (the
> older versions did not use RSA for both keys).
>
> - robert
>
>   
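
Added example, not part of either message: one way to script the two checks discussed above (both keys 4096-bit RSA, signatures made with SHA-512 or SHA-256) against GnuPG's machine-readable output. The function names, key IDs and sample records are constructed for illustration.

```shell
# Added example (not from the thread); all sample records are constructed.

# Reads `gpg --with-colons --list-secret-keys` output on stdin. Fails unless
# every primary key and subkey is RSA (algorithm id 1) with at least 4096 bits.
check_keys() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" || $1 == "pub" || $1 == "sub" {
            seen = 1
            ok = ($4 == 1 && $3 + 0 >= 4096)   # field 3 = bits, field 4 = algo id
            printf "%s %s algo=%s bits=%s %s\n", $1, $5, $4, $3, (ok ? "ok" : "WEAK")
            if (!ok) bad = 1
        }
        END { exit (bad || !seen) }'
}

# Reads `gpg --list-packets <signature file>` output on stdin. Fails unless every
# signature packet uses SHA-256 (digest id 8) or SHA-512 (digest id 10).
check_sig_digest() {
    awk '
        $1 == "digest" && $2 == "algo" {
            seen = 1
            id = $3 + 0                        # "10," -> 10
            ok = (id == 8 || id == 10)
            printf "digest algo %s %s\n", id, (ok ? "ok" : "WEAK")
            if (!ok) bad = 1
        }
        END { exit (bad || !seen) }'
}

sample_rsa_keys() {   # constructed: RSA 4096 primary key and subkey
    printf '%s\n' 'sec:u:4096:1:AAAAAAAAAAAAAAA1:1262563200:::::::::' \
                  'uid:u::::1262563200::0000::Example Signer <signer@example.org>:' \
                  'ssb:u:4096:1:AAAAAAAAAAAAAAA2:1262563200:::::::::'
}

sample_old_keys() {   # constructed: DSA 1024 primary key, Elgamal 2048 subkey
    printf '%s\n' 'sec:u:1024:17:BBBBBBBBBBBBBBB1:1104796800:::::::::' \
                  'ssb:u:2048:16:BBBBBBBBBBBBBBB2:1104796800:::::::::'
}

sample_sig() {        # constructed signature packet; $1 = digest algorithm id
    printf '%s\n' ':signature packet: algo 1, keyid AAAAAAAAAAAAAAA1' \
                  '    version 4, created 1262608552, md5len 0, sigclass 0x00' \
                  "    digest algo $1, begin of digest 12 34"
}

# Against a real keyring and a detached signature (file name is a placeholder):
#   gpg --with-colons --list-secret-keys | check_keys
#   gpg --list-packets release.tar.gz.asc | check_sig_digest
```

Settings in gpg.conf only affect signatures made afterwards, so the digest check is worth running on the actual .asc file that ships with the release.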

