GPG uses SHA1 for symmetric encryption
Originally created by @Alice on #12178 (Redmine)
Encrypting a file with a passphrase through nautilus uses SHA1 with AES256. The 256 bit AES key will be derived from a 160 bit hash. The preferences currently used in gpg.conf have no affect on the hash used in symmetric encryption.
>gpg —list-packets file.pgp
>:symkey enc packet: version 4, cipher 9, s2k 3, hash 2
hash 2 is sha1
Adding ‘s2k-digest-algo SHA256’ to ~/.gnupg/gpg.conf will use SHA256 for deriving symmetric keys
Or —s2k-digest-algo SHA256 on the command line
>gpg —symmetric —cipher-algo AES256 —s2k-digest-algo SHA256 file
>gpg —list-packets file.gpg
>:symkey enc packet: version 4, cipher 9, s2k 3, hash 8
hash 8 is sha256
Related issues
- Related to #9511 (closed)
Edited by Ghost User