Use other hash than SHA-1
Christoph Anton Mitterer
christoph.anton.mitterer at physik.uni-muenchen.de
Mon May 4 19:40:05 CEST 2009
On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote:
> It's important to remember that this isn't a completely SHA-1 free
> key, as that is not currently possible in the OpenPGP protocol, but it
> is possible to make a "use as little SHA-1 as possible key".
Is there anything else than the fingerprint for the revocation
signatures and MDC?
> The end result will be a key that does not use SHA-1 either in its
> internal construction or in signatures it makes elsewhere. Keep in
> mind that there are some clients out there that simply cannot cope
> with this key and will reject it with one failure message or another.
> The most recent versions of either PGP or GPG can handle it just fine.
What would you suggest for existing RSA/DSA2 keys that always used SHA1
for their self-sigs and cert-sigs on other keys?
Should those be recreated with the "better" hash algo?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3387 bytes
Desc: not available
More information about the Gnupg-users