dshaw at jabberwocky.com
Wed Feb 16 16:33:30 CET 2005
On Wed, Feb 16, 2005 at 07:22:25AM -0800, vedaal at hush.com wrote:
> if sha-1 does turn out to be as weak/broken as md-5,
> would it be possible for the owner of a key
> to somehow amend an already existing keypair,
> to change or add to the self-signature
> with a different trusted hash algorithm ?
For user IDs, that's easy and you can do that now. Just delete your
self-sig and re-sign the UID. For subkey self-signatures, you can
theoretically do it, but it's probably not worth it. Just revoke the
old subkey and make a new one with whatever hash algorithm you like.
Be careful though - remember that not all OpenPGP implementations
support all hashes. You can easily make your key unusable by some
people. The nice thing about SHA-1 is that it is required by the
protocol so it always works.
More information about the Gnupg-users