Use other hash than SHA-1

Christoph Anton Mitterer christoph.anton.mitterer at
Mon May 4 19:40:05 CEST 2009

On Sun, 2009-05-03 at 22:56 -0400, David Shaw wrote:
> It's important to remember that this isn't a completely SHA-1 free  
> key, as that is not currently possible in the OpenPGP protocol, but it  
> is possible to make a "use as little SHA-1 as possible key".
Is there anything else than the fingerprint for the revocation
signatures and MDC?

> The end result will be a key that does not use SHA-1 either in its  
> internal construction or in signatures it makes elsewhere.  Keep in  
> mind that there are some clients out there that simply cannot cope  
> with this key and will reject it with one failure message or another.   
> The most recent versions of either PGP or GPG can handle it just fine.
What would you suggest for existing RSA/DSA2 keys that always used SHA1
for their self-sigs and cert-sigs on other keys?
Should those be recreated with the "better" hash algo?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: </pipermail/attachments/20090504/1cd8e2d7/attachment.bin>

More information about the Gnupg-users mailing list