river-dev mailing list archives

From Peter Firmstone <j...@zeus.net.au>
Subject Re: Apache release signing on Solaris 10
Date Mon, 04 Jan 2010 12:48:33 GMT
Hi Robert,

This might be of interest to you as well:

bash-3.00$ gpg --version
gpg (GnuPG) 1.4.10
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA-E, RSA-S, ELG-E, DSA
Cipher: 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH, CAMELLIA128,
        CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

N.B. Good luck with your exams.

Thanks,

Peter.

Peter Firmstone wrote:
> Hi Robert,
>
> setpref SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>
> Set preference list to:
>     Cipher: AES256, AES192, AES, CAST5, 3DES
>     Digest: SHA512, SHA384, SHA256, SHA224, SHA1
>     Compression: ZLIB, BZIP2, ZIP, Uncompressed
>     Features: MDC, Keyserver no-modify
> Really update the preferences? (y/N) y
>
> You need a passphrase to unlock the secret key for
> user: "Peter Firmstone (Engineer) <peter.firmstone@zeus.net.au>"
> 4096-bit RSA key,
>
> gpg --list-secret-keys reports that both keys start with 4096R/KeyID
>
> And I've added to the end of my gpg.conf:
>
> personal-digest-preferences SHA512
> cert-digest-algo SHA512
> default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed
>
> I edited gpg.conf after I had generated my keys.
>
> Is this ok?
>
> Cheers,
>
> Peter.
>
> Robert Burrell Donkin wrote:
>> On Mon, Jan 4, 2010 at 12:32 AM, Craig L Russell 
>> <Craig.Russell@sun.com> wrote:
>>  
>>> Hi Peter,
>>>
>>> The only reason *not* to use 1.4.10 IMHO is if the generated artifacts
>>> somehow are incompatible with other GPG programs out there.
>>>     
>>
>> unfortunately, some older programs are no longer secure after the
>> SHA-1 breakage. you need to check that SHA is set to 512 (or 256) for
>> signing and that both encrypt and sign keys are 4096 bit RSA (the
>> older versions did not use RSA for both keys).
>>
>> - robert
>>
>>   
>
>
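
The check Robert describes (SHA-512 or SHA-256 for signing, 4096-bit RSA for both the signing and the encryption key) can be scripted against `gpg --with-colons` output and gpg.conf. This is an added example, not part of the thread; the function names `check_keys` and `check_conf` and all sample key data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample `gpg --list-keys --with-colons` output (not from the thread).
# Field 1 = record type, 3 = key length, 4 = algorithm (1 RSA, 16 Elgamal, 17 DSA).
GOOD_KEYS='pub:u:4096:1:AAAAAAAAAAAAAAAA:2010-01-03:::u:Example Signer <signer@example.org>::scESC:
sub:u:4096:1:BBBBBBBBBBBBBBBB:2010-01-03::::::e:'
OLD_KEYS='pub:u:1024:17:CCCCCCCCCCCCCCCC:2005-06-01:::u:Example Signer <signer@example.org>::scESC:
sub:u:2048:16:DDDDDDDDDDDDDDDD:2005-06-01::::::e:'
# Constructed gpg.conf fragments; BAD_CONF leaves cert-digest-algo unset.
GOOD_CONF='personal-digest-preferences SHA512
cert-digest-algo SHA512'
BAD_CONF='personal-digest-preferences SHA1 SHA256'

# check_keys: read a colon listing on stdin; succeed only if every primary key
# and subkey is RSA with at least 4096 bits, and at least one key was seen.
check_keys() {
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            seen++
            if ($4 != 1 || $3 + 0 < 4096) {
                printf "weak %s: %s bits, algo %s\n", $1, $3, $4
                bad++
            }
        }
        END { exit (seen == 0 || bad > 0) ? 1 : 0 }
    '
}

# check_conf: read gpg.conf on stdin; succeed only if the first entry of
# personal-digest-preferences and cert-digest-algo are both SHA512 or SHA256.
check_conf() {
    awk '
        $1 == "personal-digest-preferences" { pd = toupper($2) }
        $1 == "cert-digest-algo"            { cd = toupper($2) }
        END {
            ok = (pd == "SHA512" || pd == "SHA256") && (cd == "SHA512" || cd == "SHA256")
            exit ok ? 0 : 1
        }
    '
}

# Demo on the constructed samples.
printf '%s\n' "$GOOD_KEYS" | check_keys && echo "good keys: accepted"
printf '%s\n' "$OLD_KEYS"  | check_keys || echo "old keys: rejected"
printf '%s\n' "$GOOD_CONF" | check_conf && echo "good conf: accepted"
printf '%s\n' "$BAD_CONF"  | check_conf || echo "bad conf: rejected"
```

On a real system, pipe `gpg --list-keys --with-colons` for the release key into `check_keys` and redirect `~/.gnupg/gpg.conf` into `check_conf`.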

