What determines the clearsign hash algorithm used by GnuPG?

Question

When using GnuPG to clear sign a text, there is a hash part in signed message. Take the example:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

abc
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEZZvqE5j3koIxs9Xim0+E4a5Vo2cFAlkRdvQACgkQm0+E4a5V
o2ew2QgAzHuvZ7Hlb6+3qRLjc9Yhdi+6tBmNWXbWpKoAQxpzx6jKQp/FSpQeGWuj
RxcYnqU3pk4ycMLtaCFcfnHEW5N0B95eXGcurgMGz7A6xhy0hy25x8WBdeKVAQ+2
PLA2ytJLUn2L1S3ueqJWcdVUBRaiczOOsYvvO
...
...

-----END PGP SIGNATURE-----

But the hash algorithm is different for different keys (or servers), sometimes SHA1, sometimes SHA256, SHA512.

What determines this, the key or GnuPG client? I can't find info on this, when you use gpg create new keys , there is no option to specify the hash algorithm.

update: to clearify my question, I added more info below. the command used to generate the example output above, is :

gpg --clearsign

( The gpg version is gpg2 on my system. )

then , I typed some random text and there comes the result above. I wish to know, how to generate output with specific "Hash:" values ? say, SHA1 ?

Answer 1

I wish to know, how to generate output with specific "Hash:" values ? say, SHA1 ?

To answer your question, use the --digest-algo SHA1 option.

As an example, here is a detached signature using SHA-256. I don't use --clearsign, so I'm not going to try to cobble it together:

gpg -a -u 1F8E37BD --digest-algo SHA256 --output test.txt.sig --detach-sig test.txt

-a produces the ASCII armour output. -u selects the signing key among different keys. --digest-algo selects the hash. --output is the output filename. The input filename must be last option.

The list of hashes and their values are available in RFC 4880, Section 9.4. SHA-1 is 2, and SHA-256 is 8.

You can audit the signature with:

$ cat test.txt.sig | gpg --list-packets | grep "digest algo"
    digest algo 8, begin of digest 05 94

Answer 2

What should be happening in that case is that you generate a hash for the message and use a key to encrypt it. The other side uses the opposite key to decrypt the hash, builds the hash of the message and compares it to the hash your attached.

It's important for the counterpart to know which kind of hash you used but there is no direct correlation between keys and the hash.

Answer 3

The hashing algorithm is chosen by the implementation of OpenPGP, in your case GnuPG. Which one gets selected

• is obviously restricted to algorithms support by GnuPG (gpg --version prints a list),
• depends on compliance options used and finally
• depends on your personal preferences.

For encrypting messages, additionally the recipient's preferences stored in the public key are considered.