1.3.6 - hashes on 0x18 signatures
David Shaw
dshaw at jabberwocky.com
Mon Jul 19 02:44:15 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Sat, Jul 17, 2004 at 01:13:49AM -0400, Atom 'Smasher' wrote:
> 1.3.6 can create keybinding signatures with SHA-256 hashes. this is cool.
> but it doesn't seem possible (with 1.3.6) to change to an SHA-256 hash
> when a new keybinding signature is generated over a subkey that was
> previously signed with an SHA-1 hash.
>
> when updating a previously generated signature, shouldn't the hash be
> updated, if "--cert-digest-algo" is specified?
No. The signature update should only perform the action specifically
requested by the user (change expiration, change preferences, etc).
Doing anything in addition violates that expectation.
It's possible to have a function that remakes signatures with whatever
parameters are desired, but it is not appropriate to do this silently
during a function that happens to rewrite the signature for other
purposes.
David
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.3.6-cvs (GNU/Linux)
iGoEARECACoFAkD7GV8jGGh0dHA6Ly93d3cuamFiYmVyd29ja3kuY29tL2tleS5h
c2MACgkQ4mZch0nhy8lUaQCgseIOyL53Ee2bJ/X9+0EdE4ZC9HEAoL9/QicgSBY2
rIay+O+nSDS+B025
=Y4Ic
-----END PGP SIGNATURE-----
More information about the Gnupg-devel
mailing list