<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Thu, Apr 4, 2013 at 8:15 PM, Tristan Seligmann <span dir="ltr"><<a href="mailto:mithrandi@mithrandi.net" target="_blank">mithrandi@mithrandi.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div>In fact, I believe there is no such thing as "signing the whole binary blob". When you use something like gpg --sign, what is actually signed with a public key signature algorithm is a hash of the content anyway. Thus, assuming you use the same hash algorithm as you would have instructed gpg to use (I think the default is SHA512 these days), there isn't any real difference between signing the content directly, and signing a hash of the content.<br>
</div></div><br clear="all"></div></div></blockquote><div><br></div><div>While you technically could sign the entire thing, yes, that is how (at least DSA) works.<br><br></div><div>DSA, by default, used SHA-1; recent revisions support SHA-2. A few years ago, GnuPG and several big users including Debian and Apache started suggesting the move to RSA instead of DSA keys. The algorithms vary a bit in speed and signature size, but the main reason was to allow newer hash functions.<br>
<br>That said, I'm pretty sure GPG uses a newer revision of DSA: when I left the defaults untouched near the end of 2012, it still seemed to prefer DSA/ElGamal despite the news from a few years ago. IIRC, the first version of the algorithm only allowed 1024 bit keys, whereas my DSA key is 3072.<br>
</div></div><br></div><div class="gmail_extra">Here's how you check what you support and in which preference:<br><br></div><div class="gmail_extra">===== SNIPPET FOLLOWS =====<br></div><div class="gmail_extra"><br>~ ❯ gpg --edit-key E6D6AAAE<br>
gpg (GnuPG) 1.4.13; Copyright (C) 2012 Free Software Foundation, Inc.<br>This is free software: you are free to change and redistribute it.<br>There is NO WARRANTY, to the extent permitted by law.<br><br>Secret key is available.<br>
<br>pub 3072D/E6D6AAAE created: 2012-10-14 expires: 2016-10-14 usage: SCA<br> trust: ultimate validity: ultimate<br>sub 3072g/7EF5843E created: 2012-10-14 expires: 2016-10-14 usage: E<br>
[ultimate] (1). Laurens Van Houtven <_@<a href="http://lvh.io">lvh.io</a>><br>
[ultimate] (2) Laurens Van Houtven <<a href="mailto:lvh@twistedmatrix.com">lvh@twistedmatrix.com</a>><br>[ultimate] (3) Laurens Van Houtven <_@lvh.cc><br><br>gpg> showpref<br>[ultimate] (1). Laurens Van Houtven <_@<a href="http://lvh.io">lvh.io</a>><br>
Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA<br> Digest: SHA256, SHA1, SHA384, SHA512, SHA224<br> Compression: ZLIB, BZIP2, ZIP, Uncompressed<br> Features: MDC, Keyserver no-modify<br>[ultimate] (2) Laurens Van Houtven <<a href="mailto:lvh@twistedmatrix.com">lvh@twistedmatrix.com</a>><br>
Cipher: AES256, AES192, AES, CAST5, 3DES<br> Digest: SHA256, SHA1, SHA384, SHA512, SHA224<br> Compression: ZLIB, BZIP2, ZIP, Uncompressed<br> Features: MDC, Keyserver no-modify<br>[ultimate] (3) Laurens Van Houtven <_@lvh.cc><br>
Cipher: AES256, AES192, AES, CAST5, 3DES, IDEA<br> Digest: SHA256, SHA1, SHA384, SHA512, SHA224<br> Compression: ZLIB, BZIP2, ZIP, Uncompressed<br> Features: MDC, Keyserver no-modify<br><br>gpg><br></div>
<div class="gmail_extra"><br>===== SNIPPET ENDS =====<br><br></div><div class="gmail_extra">As you can see, the preferred hash is SHA-256. That's, as far as we know, perfectly secure right now; IIUC the only reason SHA-512 isn't the default is backwards compatibility. PGP (the proprietary version) and gpg have both supported SHA-256 for *years and years* (and SHA-512 for years too, just not as many of the years ;-))<br>
<br></div><div class="gmail_extra">Assuming your key is recent (but please check with showpref as I demonstrated above), there isn't a problem with signing shasum files.<br></div><div class="gmail_extra"><br><div dir="ltr">
cheers<div>lvh</div></div>
</div></div>