Signature has algorithms

Topas topas.org at web.de
Thu Dec 8 11:47:42 CET 2005


Hi.

I've seen that one can use different hash algorithms for creating 
signatures. The default is SHA-1 I think, but (and correct me if I'm 
wrong) SHA-512 (or even the "smaller" ones) should be more secure.

Ok,.. I've seen that one is able to change the used algorithm with the 
"--cert-digest-algo" option. For the primary key I could do the following:
1) Set the new algo (gpg.conf or command line).
2) Edit the key.
2a) Set prefered key server URL.
2b) Set some other settings from the primary key self-signature.
2c) Set prefered algorithms.
3) Delete every new self-signature except the last one (which shuld 
contain all the new settings with the new hash algorithm). (Is this 
possible/resonable, to delete the others?)
4) Save the key and be happy.

But what can I do with the self-sigs from my existing keys? How can I 
recreate them (with the new hash algorithm).

Thanks in advance.



More information about the Gnupg-users mailing list