Can I see the checksum when I sign/verify a file?

David Shaw dshaw at
Thu May 4 19:07:04 CEST 2006

On Thu, May 04, 2006 at 09:34:55AM -0600, Phil Helms wrote:
> Why not use MD5?

MD5 is deprecated in OpenPGP.  The current OpenPGP draft says:

      * The MD5 hash algorithm has been found to have weaknesses, with
        collisions found in a number of cases. MD5 is deprecated for
	use in OpenPGP. Implementations MUST NOT generate new signatures
        using MD5 as a hash function. They MAY continue to consider
	old signatures that used MD5 as valid.


More information about the Gnupg-users mailing list